Polymorphic Analysis

Information Security Asked by user109889 on November 23, 2021

I'm a beginner at malware analysis. For my research studies, I have to identify polymorphic malware based on experiments. I would like to know if there are any guides showing how to analyze the code (assembly language) of polymorphic malware using OllyDbg (or other tools) to see where it started to mutate.

One Answer

In the following articles, the decryption key of the decryption loop is mutated:

https://n1ps.wordpress.com/2008/09/14/w32virut-analysis/

https://n1ps.wordpress.com/2008/09/16/w32virut-analysis-part-2/

There's no universal guide to finding all these kinds of mutations with OllyDbg or other tools, but you could try to find crypto code, where there are lots of arithmetic/logic instructions, as a tip to start your mutation-digging journey.

Answered by Minh-Triet Pham Tran on November 23, 2021
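The heuristic in the answer (look for a loop dense in arithmetic/logic instructions, which is where a decryption routine and its mutated key usually live) can be automated over a disassembly listing. The following is an added example, not code from the question, the answer, or the linked articles: it parses a small constructed Intel-syntax listing, finds backward conditional jumps (loop back-edges), and flags loop bodies whose count of arithmetic/logic mnemonics exceeds a threshold. The listing format, the mnemonic set and the threshold are assumptions chosen for illustration; a real listing exported from OllyDbg or another disassembler would need its own line regex.

```python
import re
from dataclasses import dataclass
from typing import List, Dict

# Mnemonics typically found in decryption/decoding loops (assumed set, extend as needed).
ARITH_LOGIC = {
    "xor", "add", "sub", "rol", "ror", "shl", "shr", "sar",
    "not", "neg", "and", "or", "imul", "mul",
}

# Assumed listing format: "<8 hex digit address>  <mnemonic> <operands>"
LINE_RE = re.compile(r"^\s*([0-9A-Fa-f]{8})\s+([a-z]+)\s*(.*)$")
HEX_TARGET_RE = re.compile(r"0x([0-9A-Fa-f]+)")

# Constructed sample listing: a short XOR/ROL/ADD decode loop followed by an
# unrelated function prologue. Addresses and values are made up for the example.
SAMPLE_LISTING = """
00401000  mov ecx, 0x40
00401005  lea esi, [0x401030]
0040100B  mov eax, 0x5A3C
00401010  xor byte ptr [esi], al
00401012  rol al, 3
00401015  add al, 0x11
00401017  inc esi
00401018  dec ecx
00401019  jnz 0x401010
0040101B  jmp 0x401030
00401020  push ebp
00401021  mov ebp, esp
00401023  call 0x402000
00401028  pop ebp
00401029  ret
"""


@dataclass
class Insn:
    addr: int
    mnemonic: str
    operands: str


def parse_listing(text: str) -> List[Insn]:
    """Turn listing lines into Insn records; lines that do not match are skipped."""
    insns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            insns.append(Insn(int(m.group(1), 16), m.group(2), m.group(3).strip()))
    return insns


def is_backward_jump(insn: Insn) -> bool:
    """A jcc/jmp/loop whose immediate target lies at or before the instruction itself."""
    if not (insn.mnemonic.startswith("j") or insn.mnemonic.startswith("loop")):
        return False
    m = HEX_TARGET_RE.search(insn.operands)
    return bool(m) and int(m.group(1), 16) <= insn.addr


def candidate_decrypt_loops(insns: List[Insn], min_arith: int = 3) -> List[Dict]:
    """Report loop bodies (target..back-edge) containing >= min_arith arithmetic/logic insns."""
    by_addr = {i.addr: i for i in insns}
    results = []
    for insn in insns:
        if not is_backward_jump(insn):
            continue
        target = int(HEX_TARGET_RE.search(insn.operands).group(1), 16)
        if target not in by_addr:
            continue  # jump into the middle of an instruction or outside the listing
        body = [i for i in insns if target <= i.addr <= insn.addr]
        arith = [i.mnemonic for i in body if i.mnemonic in ARITH_LOGIC]
        if len(arith) >= min_arith:
            results.append({
                "start": target,
                "end": insn.addr,
                "length": len(body),
                "arith_count": len(arith),
                "arith_mnemonics": arith,
            })
    return results


def demo() -> List[Dict]:
    """Run the heuristic over the constructed listing."""
    return candidate_decrypt_loops(parse_listing(SAMPLE_LISTING))


if __name__ == "__main__":
    for c in demo():
        print(f"candidate loop {c['start']:08X}-{c['end']:08X}: "
              f"{c['arith_count']}/{c['length']} arith/logic insns {c['arith_mnemonics']}")
```

The flagged range is where to set a breakpoint in the debugger and compare across samples: in a polymorphic family the loop shape stays similar while the immediate values (the key in `mov eax, 0x5A3C`, the rotate count, the added constant) and sometimes the mnemonics themselves change, which is exactly the mutation the question asks how to locate.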
