
Content

Twitch live stream (clip). We take a look at Zeppelin ransomware, which is written in Delphi. We go through the steps to correctly set up IDA Pro for analysis of a Delphi-compiled binary, including installing and using IDR (Interactive Delphi Reconstructor).

We don't get into the reverse engineering itself, but the IDA configuration should be useful for other Delphi malware as well.


Zeppelin sample available on Malshare:

522d6e25e6b7062786b699c76d46c2a510d94ca0760447a1d0951a6718fc9774 


IDR GitHub:

https://github.com/crypto2011/IDR   

Files

Live Stream VOD: (Clip) How To Setup IDA Pro For Delphi Analysis With Zeppelin Ransomware


Comments

m4n0w4r

Note here for other ref: http://www.youngroe.com/2019/07/01/Windows/delphi_reverse_summary/

Hero Intros&Templates

Hey, I'm new here, just signed in today. Can you explain to me why the Delphi compiler is so hard to reverse? I had tackled a CTF that was compiled with Delphi and I had no idea what to do hahahaha.

oalabs

That's a great question for the Discord, make sure you link your Patreon and join us! The tl;dr is just that Delphi uses a different calling convention and string indexing, so it can be uncomfortable to reverse at first.
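As an added illustration of the string layout behind that tl;dr (example code written for this page, not from OALABS or the stream): Delphi long strings carry their length in a header at negative offsets from the pointer the code actually uses, and are indexed from 1, which is why generic string detection often misfires on them. The Delphi 2009+ 12-byte header (CodePage, ElemSize, RefCount, Length) is assumed here; older compilers omit the first four bytes. The sample buffer is constructed.

```python
import struct

# Assumed Delphi 2009+ long-string image (older Delphi drops CodePage/ElemSize):
#   CodePage:u16 | ElemSize:u16 | RefCount:i32 | Length:i32 | chars | NUL
# A Delphi string pointer points at the first char, so the header sits at
# negative offsets (-12 .. -1) from the address the disassembly shows.
HEADER_FMT = "<HHii"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 12


def build_delphi_string(text, codepage=1252, elem_size=1, refcount=-1):
    """Constructed sample: lay out text as a Delphi long string (RefCount -1 = constant)."""
    data = text.encode("utf-16-le") if elem_size == 2 else text.encode("cp1252")
    header = struct.pack(HEADER_FMT, codepage, elem_size, refcount, len(text))
    return header + data + (b"\x00" * elem_size)


def parse_delphi_string(buf, ptr):
    """Recover header fields and text from the offset a Delphi string pointer holds."""
    if ptr < HEADER_LEN:
        raise ValueError("pointer too close to buffer start for a string header")
    codepage, elem_size, refcount, length = struct.unpack_from(HEADER_FMT, buf, ptr - HEADER_LEN)
    if elem_size not in (1, 2):
        raise ValueError("not a Delphi string header (ElemSize must be 1 or 2)")
    raw = buf[ptr:ptr + length * elem_size]
    text = raw.decode("utf-16-le") if elem_size == 2 else raw.decode("cp1252")
    return {"codepage": codepage, "elem_size": elem_size, "refcount": refcount,
            "length": length, "text": text}


def delphi_index(s, i):
    """Delphi string indexing is 1-based: s[1] is the first character."""
    if not 1 <= i <= len(s):
        raise IndexError("Delphi string index out of range")
    return s[i - 1]


def find_delphi_strings(buf, max_len=4096):
    """Heuristic scan of an image for constant long strings (RefCount == -1,
    sane ElemSize/Length, NUL terminator present); returns (pointer, text)."""
    found = []
    for off in range(0, len(buf) - HEADER_LEN):
        _, elem_size, refcount, length = struct.unpack_from(HEADER_FMT, buf, off)
        if refcount != -1 or elem_size not in (1, 2) or not 0 < length <= max_len:
            continue
        ptr = off + HEADER_LEN
        end = ptr + length * elem_size
        if end + elem_size > len(buf) or buf[end:end + elem_size] != b"\x00" * elem_size:
            continue
        try:
            found.append((ptr, parse_delphi_string(buf, ptr)["text"]))
        except UnicodeDecodeError:
            continue
    return found
```

Pointing IDA at the characters alone hides the length field, so walking back 12 bytes (or 8 on older Delphi) is what makes these strings readable.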