
IRC Botnet Reverse Engineering Part 1 - Preparing Binary for Analysis in IDA PRO

17.7K views
May 31, 2020
35:23

The first part of our in-depth malware reverse engineering series analyzing an IRC worm from 2010. In this part we use IDA Pro and Python to decrypt the strings and resolve the dynamic imports to prepare the binary for analysis.

-----
OALABS DISCORD: https://discord.gg/6h5Bh5AMDU
OALABS PATREON: https://www.patreon.com/oalabs
OALABS TIP JAR: https://ko-fi.com/oalabs
OALABS GITHUB: https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING: https://www.unpac.me/#/
-----

Unpacked binary (malshare): https://malshare.com/sample.php?action=detail&hash=51e49a9ca65fac6e43827738f90bc475
SHA256 hash: 4eb33ce768def8f7db79ef935aabf1c712f78974237e96889e1be3ced0d7e619

IDA Pro string decryption script: https://gist.github.com/herrcore/72b0d1e32f7f9b3c193fe368eb75c6f5
Hex Copy IDA plugin for fast data copy-paste: https://gist.github.com/herrcore/01762779ae4ac130d3beb02bf8e99826
In-depth string decryption and import resolving video series with REvil ransomware: https://www.youtube.com/watch?v=0raUaL4TIo4&list=PLGf_j68jNtWG_H85OLEBpvkMSsREubo7n
MalwareAnalysisForHedgehogs - Network Worm Basics: https://youtu.be/LxajkPFJsIo

Feedback, questions, and suggestions are always welcome : )
Sergei: https://twitter.com/herrcore
Sean: https://twitter.com/seanmw

As always, check out our tools, tutorials, and more content over at https://www.openanalysis.net

#IDAPro #Botnet #MalwareAnalysis
