Dailydave mailing list archives
Re: VPC
From: "J.M. Seitz" <jms () bughunter ca>
Date: Sat, 23 Feb 2008 19:48:18 -0800
Hey since everyone is having such a lively debate, and we all seem like we wanna help, why not contribute? BoB (from PEid glory) and myself have started a Malware and Unpacking Framework for ImmunityDebugger (MUFFI) to help automate malware analysis tasks. Some things that are in there so far:

- lots of anti-anti debugging routines
- VMWare cloaking
- ummm...some other stuff

It's all done in Python and uses the native ImmDbg libraries to do its business. We never really "released" it but we are always looking for people to contribute to the source tree. If a piece of malware is using a specific mechanism to do VM/sandbox detection, then write the reverse and send us a patch!

http://muffi.googlecode.com/

JS

ps. You're never gonna win the war against malware, and yes the people behind the monitor are the key. Hence, we should spend our time enhancing the tools that we do have instead of having a running commentary about how crappy a certain subset of tools are at dealing with a particular subset of malware variants.