Unpacking Malware
#1
An article describing an experiment in unpacking malware programmatically, relying on emulation.
Using Speakeasy Emulation Framework Programmatically to Unpack Malware

Quote:
 Andrew Davis recently announced the public release of his new Windows emulation framework named Speakeasy. While the introductory blog post focused on using Speakeasy as an automated malware sandbox of sorts, this entry will highlight another powerful use of the framework: automated malware unpacking.
I will demonstrate, with code examples, how Speakeasy can be used programmatically to
  1. Bypass unsupported Windows APIs to continue emulation and unpacking
  2. Save virtual addresses of dynamically allocated code using API hooks
  3. Surgically direct execution to key areas of code using code hooks
  4. Dump an unpacked PE from emulator memory and fix its section headers
  5. Aid in reconstruction of import tables by querying Speakeasy for symbolic information

Article link:
https://www.fireeye.com/blog/threat-research/2020/12/using-speakeasy-emulation-framework-programmatically-to-unpack-malware.html
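Step 4 of the quoted list, fixing the section headers of a PE dumped from emulator memory, as an added stand-alone example (not code from the FireEye post or from Speakeasy): a memory dump has each section at its RVA, so the on-disk PointerToRawData/SizeOfRawData values no longer describe the bytes, and the fix is to point them at VirtualAddress/VirtualSize and make FileAlignment equal SectionAlignment. The PE32 image and all its field values are constructed for the demonstration; only the Python standard library is used.

```python
import struct

SECTION_HDR = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER layout, 40 bytes

def _locate_headers(buf):
    """Check MZ/PE signatures; return (NumberOfSections, optional header offset, section table offset)."""
    e_lfanew, = struct.unpack_from("<I", buf, 0x3C)
    if buf[:2] != b"MZ" or buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", buf, coff + 2)
    opt_size, = struct.unpack_from("<H", buf, coff + 16)
    return num_sections, coff + 20, coff + 20 + opt_size

def sections(image):
    """Return [(name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)] per section."""
    n, _, sh = _locate_headers(image)
    rows = [struct.unpack_from(SECTION_HDR, image, sh + 40 * i) for i in range(n)]
    return [(f[0].rstrip(b"\0").decode(), f[1], f[2], f[3], f[4]) for f in rows]

def fix_section_headers(image):
    """Make a memory-dumped PE parsable as a file again. In memory every section
    sits at its RVA, so PointerToRawData := VirtualAddress, SizeOfRawData :=
    VirtualSize, and FileAlignment := SectionAlignment so both layouts agree."""
    buf = bytearray(image)
    n, opt, sh = _locate_headers(buf)
    # SectionAlignment (+32) and FileAlignment (+36) sit at the same offsets in PE32 and PE32+.
    sect_align, = struct.unpack_from("<I", buf, opt + 32)
    struct.pack_into("<I", buf, opt + 36, sect_align)
    for i in range(n):
        off = sh + 40 * i
        virt_size, virt_addr = struct.unpack_from("<II", buf, off + 8)   # VirtualSize, VirtualAddress
        struct.pack_into("<II", buf, off + 16, virt_size, virt_addr)    # SizeOfRawData, PointerToRawData
    return bytes(buf)

def build_sample_dump():
    """Constructed PE32 image as it would look dumped from emulator memory: headers,
    then one .text section mapped at RVA 0x1000, whose header still carries the
    on-disk values PointerToRawData=0x400 and SizeOfRawData=0x200."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)               # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)  # i386, 1 section, 224-byte opt header
    # PE32 optional header through FileAlignment: entry 0x1000, ImageBase 0x400000,
    # SectionAlignment 0x1000, FileAlignment 0x200; remaining fields left zero.
    opt = struct.pack("<HBBIIIIIIIII", 0x10B, 0, 0, 0x10, 0, 0, 0x1000, 0x1000, 0x2000,
                      0x400000, 0x1000, 0x200) + b"\0" * 184
    text = struct.pack(SECTION_HDR, b".text", 0x10, 0x1000, 0x200, 0x400, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + opt + text
    image = headers + b"\0" * (0x1000 - len(headers))              # pad headers to SectionAlignment
    return image + b"\xC3" * 0x10 + b"\0" * (0x1000 - 0x10)        # .text body mapped at RVA 0x1000
```

Run `sections()` before and after `fix_section_headers()` on a real dump to confirm that every raw pointer now equals its RVA; the section bodies themselves are left untouched.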