CS6038/CS5138 Malware Analysis, UC

16 February 2020

Immunity Debugger View and Description

by Coleman Kane

The previous week introduced you to some of the Immunity Debugger interface and offered 3 walk-throughs for Immunity Debugger. This week we will work through a few analysis exercises that give you further tools useful in malware analysis. I’ll provide some demonstration code that illustrates common challenges you’re likely to encounter in malware analysis, and show how to use the tool to analyze and understand them.

First, I’ll do a short review of the features of Immunity Debugger.

Immunity Debugger

This is the view of Immunity Debugger when you first open an EXE file in it. It is divided into 4 primary quadrants, which I have labeled above. It is important to remember that when the debugger starts up, the program being analyzed is in a “paused” state: it takes no action until you resume it, so you can examine it freely.

The Program Control Toolbar

Additionally, there is a toolbar above the disassembly view, which provides single-click access to a number of common functions.

Immunity Debugger Toolbar

From left to right, the graphic icons represent:

The Window Quick-Access Toolbar

Following these are 14 alphabetic buttons that display various windows:

tags: malware - immunity debugger - disassembly - lecture