Static Analysis
<------------Tools and commands-------------------------->
#pecheck <name>
Prints header and section info, very verbose.
#pestr <name>
Similar to strings.
#pyew <name>
Gives output of the PE but has subcommands to help narrow down the search. Similar to pecheck but better.
#pepack <name>
Identifies the packer if the malware is packed. Will only output the packer name.
#pescanner <name>
Identifies the packer if the malware is packed and outputs additional data like meta, headers, malicious IAT (imports).
Similar to pecheck with less verbosity.
#exescan <name>
Identifies the packer if the malware is packed and outputs additional data like meta, headers, malicious IAT (imports).
Similar to pescanner with less verbosity.
<---------------Analysis-------------------------------------->
At times, malware might contain embedded resources.
To identify them, use pescanner and check the Resource header to identify the resource. In the Labs, Lab01-04 has a BIN resource.
I used Resource Hacker to extract the resource. See YouTube for usage of Resource Hacker.
For the lab, click Action-->Save as Binary.
Analyze the new resource.
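The notes above lean on pescanner, pepack and Resource Hacker to read section info, spot packing and find embedded resources. The script below is an added example (not part of these notes and not the code of any of those tools) that does the same three checks with only the Python standard library: it parses the PE section table, computes per-section Shannon entropy as a packing hint (the 7.0 threshold is an assumed heuristic, not a rule), walks the resource directory tree, and flags any resource whose data starts with "MZ" as a likely embedded executable. The sample PE it runs on is constructed in memory with a named "BIN" resource so it runs offline; it only mimics the Lab01-04 layout and is not the lab binary.

```python
"""Minimal PE triage: section entropy + resource-directory walk (stdlib only).
Added example; the sample PE is constructed below, not a real binary."""
import json
import math
import struct

HIGH_BIT = 0x80000000                  # marks "name is a string" / "entry is a subdirectory"
PACKED_ENTROPY = 7.0                   # assumed heuristic: near-random sections suggest packing
RT_NAMES = {1: "CURSOR", 2: "BITMAP", 3: "ICON", 10: "RCDATA", 24: "MANIFEST"}


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(pe: bytes):
    """Read the section table and the resource data-directory entry (PE32 and PE32+)."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", pe, e_lfanew + 6)[0]            # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]       # COFF SizeOfOptionalHeader
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", pe, opt)[0]
    dd_off = opt + (96 if magic == 0x10B else 112)                  # data directories start
    rsrc_rva, rsrc_size = struct.unpack_from("<II", pe, dd_off + 2 * 8)  # index 2 = resources
    sections = []
    for i in range(nsec):
        off = opt + opt_size + i * 40
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, rva, rawsize, rawoff = struct.unpack_from("<IIII", pe, off + 8)
        sections.append({"name": name, "rva": rva, "vsize": vsize, "raw_off": rawoff,
                         "raw_size": rawsize,
                         "entropy": round(entropy(pe[rawoff:rawoff + rawsize]), 2)})
    return sections, rsrc_rva, rsrc_size


def rva_to_offset(sections, rva: int) -> int:
    """Map an RVA to a file offset through the section that contains it."""
    for s in sections:
        if s["rva"] <= rva < s["rva"] + max(s["vsize"], s["raw_size"]):
            return rva - s["rva"] + s["raw_off"]
    raise ValueError(f"RVA {rva:#x} not backed by any section")


def walk_resources(pe: bytes, sections, rsrc_rva: int):
    """Yield (type/name/lang path, data RVA, size) for each leaf of the resource tree."""
    base = rva_to_offset(sections, rsrc_rva)

    def name_of(raw, depth):
        if raw & HIGH_BIT:                                   # IMAGE_RESOURCE_DIR_STRING_U
            soff = base + (raw & 0x7FFFFFFF)
            n = struct.unpack_from("<H", pe, soff)[0]
            return pe[soff + 2:soff + 2 + 2 * n].decode("utf-16-le")
        return RT_NAMES.get(raw, str(raw)) if depth == 0 else str(raw)

    def walk(dir_off, path, depth):
        named, ids = struct.unpack_from("<HH", pe, dir_off + 12)
        for i in range(named + ids):
            name_raw, data_raw = struct.unpack_from("<II", pe, dir_off + 16 + 8 * i)
            sub = path + [name_of(name_raw, depth)]
            if data_raw & HIGH_BIT:                          # subdirectory
                yield from walk(base + (data_raw & 0x7FFFFFFF), sub, depth + 1)
            else:                                            # IMAGE_RESOURCE_DATA_ENTRY
                rva, size = struct.unpack_from("<II", pe, base + data_raw)
                yield "/".join(sub), rva, size

    yield from walk(base, [], 0)


def triage(pe: bytes) -> dict:
    """Sections with entropy, packing hint, and every resource with an embedded-PE flag."""
    sections, rsrc_rva, _ = parse_pe(pe)
    report = {"sections": sections, "resources": [],
              "packed_hint": [s["name"] for s in sections if s["entropy"] > PACKED_ENTROPY]}
    if rsrc_rva:
        for path, rva, size in walk_resources(pe, sections, rsrc_rva):
            data = pe[rva_to_offset(sections, rva):][:size]
            report["resources"].append({"path": path, "size": size,
                                        "embedded_pe": data[:2] == b"MZ",
                                        "entropy": round(entropy(data), 2)})
    return report


def build_sample_pe() -> bytes:
    """Constructed PE32 with .text and a .rsrc holding one named 'BIN' resource whose
    payload starts with 'MZ' (mimicking an embedded executable). Not a real binary."""
    e_lfanew = 0x40
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<II", opt, 96 + 2 * 8, 0x2000, 0x200)         # resource directory RVA/size
    headers = bytearray(0x200)
    headers[:2] = b"MZ"
    struct.pack_into("<I", headers, 0x3C, e_lfanew)
    headers[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", headers, e_lfanew + 4, 0x14C, 2, 0, 0, 0, len(opt), 0x102)
    headers[e_lfanew + 24:e_lfanew + 24 + 224] = opt
    sect = lambda n, rva, raw: struct.pack("<8sIIIIIIHHI", n, 0x200, rva, 0x200, raw, 0, 0, 0, 0, 0x40000040)
    st = e_lfanew + 24 + 224
    headers[st:st + 80] = sect(b".text", 0x1000, 0x200) + sect(b".rsrc", 0x2000, 0x400)
    text = bytes(range(16)) * 32                                   # 0x200 bytes, entropy 4.0
    rsrc = bytearray(0x200)
    rdir = lambda off, named, ids: struct.pack_into("<IIHHHH", rsrc, off, 0, 0, 0, 0, named, ids)
    rdir(0x00, 1, 0); struct.pack_into("<II", rsrc, 0x10, HIGH_BIT | 0x60, HIGH_BIT | 0x20)  # type "BIN"
    rdir(0x20, 0, 1); struct.pack_into("<II", rsrc, 0x30, 101, HIGH_BIT | 0x38)              # name id 101
    rdir(0x38, 0, 1); struct.pack_into("<II", rsrc, 0x48, 0x409, 0x50)                       # lang 0x409
    struct.pack_into("<IIII", rsrc, 0x50, 0x2080, 0x40, 0, 0)      # data entry: RVA 0x2080, 64 bytes
    struct.pack_into("<H", rsrc, 0x60, 3); rsrc[0x62:0x68] = "BIN".encode("utf-16-le")
    rsrc[0x80:0x82] = b"MZ"; rsrc[0x82:0xC0] = bytes((i * 37 + 11) & 0xFF for i in range(62))
    return bytes(headers) + text + bytes(rsrc)


if __name__ == "__main__":
    print(json.dumps(triage(build_sample_pe()), indent=2))
```

Run it as-is to see the report for the constructed sample, or replace build_sample_pe() with the bytes of a lab file to get the same section, packing and resource summary that pescanner prints; a resource reported with "embedded_pe": true is the one to carve out and analyze separately, as the notes do with Resource Hacker.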