Course Repository for University of Cincinnati Malware Analysis Class (CS7038)

View on GitHub

Demo of Static Code Analysis Using Objdump, IDA Free, and Yara

This lecture dove deeper into static analysis, leveraging tools like objdump and IDA Free to explore the executable code in the sample of malware we bgan with during the Wk07.1 lecture. As with the prior lecture, there is no slide deck for this particular talk.

Video: CS7038: Wk07.2 - Static Code Analysis and Yara Detection Demo

We explore the following features in IDA Free:

Additionally, we created additional yara data to add to our earlier yara rule:

rule ex1_bin { 
  $xyloop = { 68 ?? ?? ?? ?? ff 75 0c ff 15 90 40 40 00 59 85 c0 59 77 0a ff 45 0c 39 5d 0c 72 e4 }
  $b64_setup = { 8b 45 f8 6a 10 59 8b f3 8d bd dc fe ff ff 8b 10 f3 a5 8b c2 c1 e8 02 83 e0 3f a4 7c 0e }
  any of them