CS6038/CS5138 Malware Analysis, UC

Course content for UC Malware Analysis

View on GitHub
20 February 2018

Code-based Yara String Matching


Code-based Yara String Matching

In this lecture, we will discuss disassembly analysis of two versions each of the following encryption algorithms. We will consider the 32-bit and 64-bit implementations of each, and thus will analyze 4 different object files.

The following source files will be analyzed:

The following analysis artifacts are provided:

The following script was used to generate the above files:

Additionally, I present the following public repository of yara signatures, and related tools, for you:


tags: malware objdump asm lecture