[unisog] Decompiling virus binaries

Joshua Wright Joshua.Wright at jwu.edu
Tue Jul 22 12:49:46 GMT 2003


A little late for the original poster who needs help with a specific binary, but Lenny Zeltser has been teaching a hands-on class for the SANS Institute titled "Reverse Engineering Malware: Tools and Techniques" that would be very appropriate for someone who is responsible for this kind of analysis.  Check out www.sans.org for more information.

There is also a Foundstone book that includes a section on reverse engineering binaries - I don't remember the title offhand, but e-mail me if anyone is interested and I will look it up at home.

-Joshua Wright
Senior Network and Security Architect
Johnson & Wales University
Joshua.Wright at jwu.edu 
http://home.jwu.edu/jwright/

pgpkey: http://home.jwu.edu/jwright/pgpkey.htm
fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73


> > We received what we believed to be a recent/(new to us) virus
> > attachment, and short of running `strings` against the binary, what
> > other methods/tools have y'all used to determine the contents of a virus
> > binary?
