Dailydave mailing list archives

Re: VPC


From: Jared DeMott <demottja () msu edu>
Date: Sun, 24 Feb 2008 13:43:28 -0500

J.M. Seitz wrote:
> Hey since everyone is having such a lively debate, and we all seem like
> we wanna help, why not contribute? BoB (from PEid glory) and myself have
> started a Malware and Unpacking Framework for ImmunityDebugger (MUFFI)
> to help automate malware analysis tasks.
>
> Some things that are in there so far:
>
> - lots of anti-anti debugging routines
> - VMWare cloaking
> - ummm...some other stuff
>
> It's all done in Python and uses the native ImmDbg libraries to do its
> business. We never really "released" it but we are always looking for
> people to contribute to the source tree. If a piece of malware is using
> a specific mechanism to do VM/sandbox detection, then write the reverse
> and send us a patch!
>
> http://muffi.googlecode.com/
>
> JS

Awesome as always JS.  :)  One slight thing that can sometimes be an
issue; 1st responders can only spend so much time down in the weeds. 
Check out Steve's work:
http://code.google.com/p/rapier/

Freeware information gathering tool
  