MyNav, a python plugin for IDA Pro
MyNav is an Open Source IDAPython plugin for the commercial disassembler IDA Pro to be released on July 2010. The plugin adds a lot of new features only available in other products like in the well known Zynamics BinNavi or HB Gary's Inspector. In this blog post I will show you some of the features available in the current version with some examples.
Antiemulation Techniques (Malware Tricks II)
From time to time, when reversing malware, I find new antiemulation techniques as they are widely used by malware to evade detection by AVs that uses emulation, however, it seems that no one wrote about them maybe because there are a lot or, maybe, because they aren't very interesting. Anyway, a friend and I decided to look for antiemulation techniques and we found a bunch of them in just about 2 days. Surprise. Well, the following is a list of antiemulation techniques "found" by us.
Pyew! A Python tool to analyze malware
Working in a disassembler with code analysis to speed up (graph) analysis of malware dumps (malware dumped from memory while running) I decided to write a tool using this core oriented to malware analysis and the result is Pyew!
Malware Tricks I
Today, while analyzing a family of malwares (the familiy called by some vendors as "Krap") I noticed a good and new, at least for me, antiemulation technique. What do you think this sample code does?
-
; Do stuff...
-
-
start:
-
push offset some_func
-
jmp edx