Thread: Rogue dll

  1. #1

    Rogue dll

    I have stored safely away a "rogue dll."

    It was caught because it masqueraded as a system dll and had a recent file date and had no version info.

    Virusinfo misidentified it.

    It's been renamed, and the file extension changed as well.

    I would like to study it safely with something similar to a debugger or maybe a passive type of analyzer.

    I also use Linux, but could not find anything that can debug Windows PEs.

    I would appreciate any recommendations.

    Thanks.
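    The three indicators the poster lists (a system-DLL name in the wrong place, a recent file date, and no version-info resource) can be checked mechanically before the sample ever goes near a debugger. The script below is an added example written for this thread, not code from the poster or the forum; it walks the PE headers by hand so it runs without third-party modules, and it builds a constructed minimal PE32 image in memory for demonstration. The list of impersonated DLL names and the 30-day "recent" window are assumptions for illustration.

```python
import struct
import time
from pathlib import Path

RT_VERSION = 16  # resource type ID of VS_VERSION_INFO
# Assumed list of commonly impersonated system DLL names (illustrative, not from the thread).
SYSTEM_DLL_NAMES = {"kernel32.dll", "ntdll.dll", "user32.dll", "advapi32.dll", "msvcrt.dll"}


def rva_to_offset(rva, sections):
    """Map a relative virtual address to a file offset using the section table."""
    for vaddr, vsize, raw_ptr, raw_size in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return rva - vaddr + raw_ptr
    return None


def resource_type_ids(data):
    """Return the set of top-level resource type IDs in a PE image, or None if it is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    dd_offset = 96 if magic == 0x10B else 112  # data directories start: PE32 vs PE32+
    res_rva, res_size = struct.unpack_from("<II", data, opt + dd_offset + 2 * 8)  # index 2 = resources
    sections = []
    sec = opt + size_opt
    for i in range(num_sections):
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, sec + i * 40 + 8)
        sections.append((vaddr, vsize, raw_ptr, raw_size))
    if res_rva == 0:
        return set()
    off = rva_to_offset(res_rva, sections)
    if off is None:
        return set()
    named, ids = struct.unpack_from("<HH", data, off + 12)
    types = set()
    for i in range(named + ids):
        name_or_id = struct.unpack_from("<I", data, off + 16 + i * 8)[0]
        if not name_or_id & 0x80000000:  # high bit set means a string name, not an ID
            types.add(name_or_id)
    return types


def triage(name, directory, mtime, data, now=None, recent_days=30):
    """Return the list of indicators raised for one file; an empty list means nothing flagged."""
    now = time.time() if now is None else now
    findings = []
    if name.lower() in SYSTEM_DLL_NAMES and not directory.lower().rstrip("\\/").endswith("system32"):
        findings.append("system-dll name outside System32")
    if now - mtime < recent_days * 86400:
        findings.append("recently modified")
    types = resource_type_ids(data)
    if types is None:
        findings.append("not a PE file")
    elif RT_VERSION not in types:
        findings.append("no version info resource")
    return findings


def scan_file(path):
    """Run the triage checks against a real file on disk."""
    p = Path(path)
    return triage(p.name, str(p.parent), p.stat().st_mtime, p.read_bytes())


def build_sample_pe(resource_types):
    """Construct a minimal PE32 image (constructed test data) with one .rsrc section
    whose top-level resource directory lists the given type IDs."""
    rsrc_rva, rsrc_raw = 0x1000, 0x200
    rsrc = struct.pack("<IIHHHH", 0, 0, 0, 0, 0, len(resource_types))
    for t in resource_types:
        rsrc += struct.pack("<II", t, 0x80000000 | 0x40)  # subdirectory pointer; not followed here
    opt = struct.pack("<H", 0x10B) + b"\0" * 94  # Magic plus the rest of the PE32 optional header
    dirs = [(0, 0)] * 16
    dirs[2] = (rsrc_rva, len(rsrc))
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x2102)
    section = b".rsrc".ljust(8, b"\0") + struct.pack("<IIII", len(rsrc), rsrc_rva, len(rsrc), rsrc_raw) + b"\0" * 16
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)
    headers = dos + b"PE\0\0" + coff + opt + section
    return headers.ljust(rsrc_raw, b"\0") + rsrc


if __name__ == "__main__":
    now = time.time()
    suspect = build_sample_pe([3])  # icon resource only, no VS_VERSION_INFO
    print(triage("kernel32.dll", r"C:\Users\andy\AppData\Local\Temp", now - 3600, suspect))
```

    The version-info check only looks at the top-level resource directory, which is enough to answer "is there any RT_VERSION resource at all"; a sample can still carry a forged VS_VERSION_INFO, so a hit on this check is a reason to look closer, not proof of anything.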

  2. #2
    Kayaker (Join Date: Oct 2000, Posts: 4,047)
    IDA x86 Emulator plugin maybe? That would at least feed it system values which might make it behave normally for a time.

    http://www.idabook.com/x86emu/

  3. #3
    Thanks, I will check it out.

    I have set up a VirtualBox VM with XP as the OS.

    I found some excellent info on malware forensic analysis at

    xxxx-http://fumalwareanalysis.blogspot.com/2011/08/malware-analysis-tutorial-reverse.html

    I have set up a guest account to study the "rogue item" using Windows Debugger and some other tools.

    Back to bug hunting and dissection,
    Andy
