Skill:Debugger:x64dbg

All posts tagged Skill:Debugger:x64dbg

Malware often extracts an embedded PE (Portable Executable) file from within itself and uses that image either to overwrite its own process image or to overwrite a new process that it starts (process hollowing). What if you want to save a copy of this extracted PE file so that you can analyse it using something other than the debugger that you were running the sample in?


It’s about time I got some more technical content on my blog, and after presenting at the Malware and Reverse Engineering Conference in February and seeing a presentation on Tofsee, I decided to do my own analysis of Tofsee.
