Dailydave mailing list archives
Re: VPC
From: Jared DeMott <demottja () msu edu>
Date: Sun, 24 Feb 2008 13:43:28 -0500
J.M. Seitz wrote:
> Hey since everyone is having such a lively debate, and we all seem like we wanna help, why not contribute? BoB (from PEid glory) and myself have started a Malware and Unpacking Framework for ImmunityDebugger (MUFFI) to help automate malware analysis tasks. Some things that are in there so far:
>
> - lots of anti-anti debugging routines
> - VMWare cloaking
> - ummm...some other stuff
>
> It's all done in Python and uses the native ImmDbg libraries to do its business. We never really "released" it but we are always looking for people to contribute to the source tree. If a piece of malware is using a specific mechanism to do VM/sandbox detection, then write the reverse and send us a patch!
>
> http://muffi.googlecode.com/
>
> JS

Awesome as always JS. :) One slight thing that can sometimes be an issue; 1st responders can only spend so much time down in the weeds. Check out Steve's work:
http://code.google.com/p/rapier/ Freeware information gathering tool