
As far as the 3 first stages are concerned that article adds little to what has been known for 2 weeks. Just a nice write-up with flow charts.

But the analysis of the binary in that detail seems new to me.

So how has the source code shown there been produced? Running a disassembler, understanding what the code does and renaming everything to descriptive names? That looks like quite an achievement in 2 weeks.




>Authors GReAT

>Global Research & Analysis Team, Kaspersky Lab

https://securelist.com/author/great/

The article is apparently authored by malware analysis team from Kaspersky Lab, so they are probably quite good at reverse engineering binaries.


Sure. But that does not answer any questions about their tooling or methods. Considered a business secret? They present the readable C code of the binary payload like it has appeared just out of the blue.


They're using IDA Pro, with names that they presumably came up with themselves by analyzing what the code does.


The tool used in those white screenshots is called IDA Pro, a decompiler.

https://hex-rays.com/ida-pro/



