I have stored safely away a "rogue dll."
It was caught because it masqueraded as a system DLL, had a recent file date, and had no version info.
Virusinfo misidentified it.
It's been renamed, and its file extension as well.
I would like to study it safely with something similar to a debugger or maybe a passive type of analyzer.
I also use Linux, but could not find anything that can debug Windows PEs.
I would appreciate any recommendations.
Thanks.
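The three tells the poster lists (a DLL with no version info, a recent date, and a name borrowed from a system DLL) are the kind of thing a passive, no-execution triage can check from the file bytes alone. The script below is an added example, not code from the original post or from any tool mentioned in the thread: a pure-stdlib PE header walker that reports whether the file is flagged as a DLL, whether the root resource directory carries an RT_VERSION (VERSIONINFO) entry, and whether the COFF link timestamp is recent. It runs fine on Linux, never loads or executes the sample, and reads the linker's embedded timestamp rather than the filesystem date the poster mentions (the two usually agree for a freshly built drop, but the embedded one can be zeroed or forged, which the script also flags). The two sample images and the 30-day "recent" threshold are constructed assumptions for the demonstration; `triage()` works the same on real file bytes.

```python
import struct
import datetime as dt

IMAGE_FILE_DLL = 0x2000   # COFF Characteristics bit: image is a DLL
RT_VERSION = 16           # resource type ID of VERSIONINFO
RT_MANIFEST = 24          # used only in the constructed sample below
DIR_RESOURCE = 2          # index of the resource table in the data directories


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsec, ts, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    dd_off = {0x10B: 96, 0x20B: 112}.get(magic)   # PE32 vs PE32+ data-directory offset
    if dd_off is None:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ndirs = struct.unpack_from("<I", data, opt + dd_off - 4)[0]
    res_rva = 0
    if ndirs > DIR_RESOURCE:
        res_rva = struct.unpack_from("<I", data, opt + dd_off + 8 * DIR_RESOURCE)[0]
    sections = []
    sec_off = opt + opt_size
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sec_off + 40 * i)
        sections.append((name.rstrip(b"\0").decode(errors="replace"), va, vsize, rawptr, rawsize))
    return {"machine": machine, "timestamp": ts, "is_dll": bool(chars & IMAGE_FILE_DLL),
            "resource_rva": res_rva, "sections": sections}


def rva_to_offset(sections, rva):
    """Map an RVA to a file offset using the section table (None if unmapped)."""
    for _, va, vsize, rawptr, rawsize in sections:
        if va <= rva < va + max(vsize, rawsize):
            return rawptr + (rva - va)
    return None


def resource_type_ids(data: bytes, pe: dict) -> set:
    """Numeric resource type IDs present in the root IMAGE_RESOURCE_DIRECTORY."""
    if pe["resource_rva"] == 0:
        return set()
    off = rva_to_offset(pe["sections"], pe["resource_rva"])
    if off is None:
        return set()
    _, _, _, _, n_named, n_id = struct.unpack_from("<IIHHHH", data, off)
    ids = set()
    for i in range(n_named + n_id):
        name, _ = struct.unpack_from("<II", data, off + 16 + 8 * i)
        if not name & 0x80000000:        # high bit set means a string name, not an ID
            ids.add(name)
    return ids


def triage(data: bytes, now_ts: int, recent_days: int = 30) -> list:
    """Return the list of suspicious traits found; empty list means nothing flagged."""
    pe = parse_pe(data)
    findings = []
    if not pe["is_dll"]:
        findings.append("not flagged as a DLL in COFF characteristics")
    if RT_VERSION not in resource_type_ids(data, pe):
        findings.append("no VERSIONINFO resource")
    if pe["timestamp"] == 0:
        findings.append("zeroed link timestamp")
    elif now_ts - pe["timestamp"] < recent_days * 86400:
        built = dt.datetime.fromtimestamp(pe["timestamp"], dt.timezone.utc)
        findings.append("linked recently (%s)" % built.strftime("%Y-%m-%d"))
    return findings


def build_sample_dll(with_version: bool, timestamp: int) -> bytes:
    """Constructed, non-executable PE32 DLL image with one .rsrc section (not a real file)."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x2102)  # i386, 1 section, DLL
    opt = bytearray(224)                                          # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)                           # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * DIR_RESOURCE, 0x2000, 0x200)
    sec = struct.pack("<8sIIII", b".rsrc", 0x200, 0x2000, 0x200, 0x400) + bytes(16)
    types = [RT_VERSION, RT_MANIFEST] if with_version else [RT_MANIFEST]
    rsrc = struct.pack("<IIHHHH", 0, 0, 0, 0, 0, len(types))
    for i, tid in enumerate(types):   # subdirectory offsets are placeholders; only the root is read
        rsrc += struct.pack("<II", tid, 0x80000000 | (16 + 8 * len(types) + 16 * i))
    image = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec).ljust(0x400, b"\0")
    return image + rsrc.ljust(0x200, b"\0")


def demo() -> dict:
    """Triage one suspicious and one benign-looking constructed sample (assumed 'now': 2010-06-01 UTC)."""
    now_ts = 1275350400
    return {
        "suspicious": triage(build_sample_dll(False, now_ts - 5 * 86400), now_ts),
        "benign": triage(build_sample_dll(True, 1104537600), now_ts),   # linked 2005-01-01
    }


if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, "->", findings or "nothing flagged")
```

To use it on the stored sample, read the file in binary mode and pass the bytes with the current Unix time: `triage(open(path, "rb").read(), int(time.time()))`. Only headers are parsed, so the renamed extension does not matter and no code from the file is ever executed.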
Welcome to the new Woodmann RCE Messageboards Regroupment
Please be patient while the rest of the site is restored.
To all Members of the old RCE Forums:
In order to log in, it will be necessary to reset your forum login password ("I forgot my password") using the original email address you registered with. You will be sent an email with a link to reset your password for that member account.
The old vBulletin forum was converted to phpBB format, requiring the passwords to be reset. If this is a problem for some because of a forgotten email address, please feel free to re-register with a new username. We are happy to welcome old and new members back to the forums! Thanks.
All new accounts are manually activated before you can post. Any questions can be PM'ed to Kayaker.
Rogue dll
IDA x86 Emulator plugin maybe? That would at least feed it system values which might make it behave normally for a time.
http://www.idabook.com/x86emu/
Thanks, I will check it out.
I have set up a Virtual Box with XP as the O.S.
I found some excellent info on malware forensic analysis at
xxxx-http://fumalwareanalysis.blogspot.com/2 ... verse.html
I have set up a guest account to study the "rogue item" using Windows Debugger and some other tools.
Back to bug hunting and dissection,
Andy