Demo of Static Code Analysis Using Objdump, IDA Free, and Yara
This lecture dove deeper into static analysis, using objdump and IDA Free to explore the
executable code in the malware sample we began with during the Wk07.1 lecture. As with the
prior lecture, there is no slide deck for this talk.
Video: CS7038: Wk07.2 - Static Code Analysis and Yara Detection Demo
We explore the following features in IDA Free:
- Loading new samples to analyze
- Exploring the control-flow graph (CFG) view
- Navigating the function list
- Navigating the strings list
- Pivoting using xrefs
- Adding comments
- Labeling data and variables
- Converting encodings
We also derived two new byte patterns from the disassembly and added them to our earlier yara rule. The `??` wildcards in $xyloop cover the 4-byte operand of a push instruction, so the pattern still matches if that address changes:
rule ex1_bin {
    strings:
        $xyloop = { 68 ?? ?? ?? ?? ff 75 0c ff 15 90 40 40 00 59 85 c0 59 77 0a ff 45 0c 39 5d 0c 72 e4 }
        $b64_setup = { 8b 45 f8 6a 10 59 8b f3 8d bd dc fe ff ff 8b 10 f3 a5 8b c2 c1 e8 02 83 e0 3f a4 7c 0e }
    condition:
        any of them
}
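To see what the `??` wildcards buy us, the following added example (written for these notes, not code from the lecture or from the yara project) re-implements the matching of the two hex strings above in plain Python, without yara-python. It translates each hex string into a bytes regex, scans a constructed buffer (not bytes from the lecture's sample) that carries the $xyloop sequence with an arbitrary address filled in where the rule has `??`, and decodes that pushed immediate from the match. Only full-byte `??` wildcards are handled; yara's nibble wildcards and jumps are not.

```python
import re

# The two hex strings from the ex1_bin rule above, copied verbatim.
RULE_STRINGS = {
    "$xyloop": "68 ?? ?? ?? ?? ff 75 0c ff 15 90 40 40 00 59 85 c0 59 77 0a ff 45 0c 39 5d 0c 72 e4",
    "$b64_setup": "8b 45 f8 6a 10 59 8b f3 8d bd dc fe ff ff 8b 10 f3 a5 8b c2 c1 e8 02 83 e0 3f a4 7c 0e",
}


def hex_string_to_regex(hex_string):
    """Translate a yara hex string (byte tokens plus '??' wildcards) into a
    compiled bytes regex. '??' becomes '.', which with DOTALL matches any
    single byte; every other token is a literal byte."""
    parts = []
    for tok in hex_string.split():
        if tok == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


def scan(data, strings=RULE_STRINGS):
    """Return {string_name: [offsets]} for every string that matches,
    roughly what `yara -s` prints for the rule."""
    hits = {}
    for name, hs in strings.items():
        offsets = [m.start() for m in hex_string_to_regex(hs).finditer(data)]
        if offsets:
            hits[name] = offsets
    return hits


def ex1_bin_matches(data):
    """Evaluate the rule's 'any of them' condition."""
    return bool(scan(data))


def pushed_immediate(data, offset):
    """Decode the little-endian 32-bit operand of the 'push imm32' (opcode
    0x68) that opens the $xyloop pattern. This is the value the rule
    wildcards with '?? ?? ?? ??'."""
    if data[offset] != 0x68:
        raise ValueError("no push imm32 at offset %#x" % offset)
    return int.from_bytes(data[offset + 1:offset + 5], "little")


# Constructed test buffer (not from the lecture's sample): the $xyloop
# sequence with the immediate 0x00403034 (an arbitrary, assumed address)
# filled in where the rule has '??', surrounded by NOP and INT3 filler.
SAMPLE = (
    b"\x90" * 16
    + bytes.fromhex("68 34 30 40 00 ff 75 0c ff 15 90 40 40 00 59 85 c0 59"
                    "77 0a ff 45 0c 39 5d 0c 72 e4")
    + b"\xcc" * 16
)

if __name__ == "__main__":
    hits = scan(SAMPLE)
    print("matches:", hits)                       # {'$xyloop': [16]}
    for off in hits.get("$xyloop", []):
        print("pushed address: %#010x" % pushed_immediate(SAMPLE, off))
    # Changing the pushed address still matches; changing a fixed byte
    # (here the first byte of the call target) does not.
    print(ex1_bin_matches(SAMPLE.replace(b"\x34\x30\x40\x00", b"\xef\xbe\xad\xde")))
    print(ex1_bin_matches(SAMPLE.replace(b"\xff\x15\x90\x40", b"\xff\x15\x91\x40")))
```

The point of the wildcard is visible in the last two lines: a rebuilt sample that pushes a different address still trips $xyloop, while a single changed byte in a non-wildcarded position (the indirect call target) breaks the match, so those fixed bytes are where the rule is brittle if the sample is recompiled or relocated.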