In this Twitch stream we reverse engineer the third stage of a polyglot JPG dropper that was distributed via WeChat.

Sample: 7d47e5871efc4c079531513f29926d394922d7954701f34dc6244ea311d20969

The malware is possibly related to Ghost RAT, based on its use of the export name PluginMe.

Full notes can be found in our Lab-Notes.

MÖBIUS STRIP REVERSE ENGINEERING

During the stream we received a lot of help from Rolf of Möbius Strip Reverse Engineering. He helped us understand some of the STL type information and after the stream he created a marked-up IDB that can be used as a reference for this binary.

We are very grateful to Rolf, and would encourage anyone interested in advanced reverse engineering training to check out his courses.

Rolf IDB: polyglot.idb

Rolf STL Types script: STL_Types.py

For those who have older versions of IDA, I have attached an IDC script that can be used to recreate most of the markup from Rolf's IDB.

Files

Live Stream VOD: Reverse Engineering Polyglot Dropper Malware Stage 3


Comments

m4n0w4r

I recommend this stream to everyone! When I opened guru Rolf's IDB, all I could say was "What the fuck! What has he done! An incredibly beautiful IDB! Respect Rolf!!!"