
Sandbox Tricks For Faster Reverse Engineering

10.2K views
Nov 6, 2017
28:37

Open Analysis Live! A quick tutorial on mapping the output from your sandbox to disassembled code in IDA: how to quickly match API calls and locate interesting code sections.

OALABS DISCORD: https://discord.gg/6h5Bh5AMDU
OALABS PATREON: https://www.patreon.com/oalabs
OALABS TIP JAR: https://ko-fi.com/oalabs
OALABS GITHUB: https://github.com/OALabs
UNPACME - AUTOMATED MALWARE UNPACKING: https://www.unpac.me/#/

The sandbox run and the test binary can be found on Hybrid Analysis here: https://www.hybrid-analysis.com/sample/0e7a10d984f62562a2152a80039b2e36fbc5d70c4b449d57a3df56324f213ecf?environmentId=100

The source code for the test binary can be found on GitHub here: https://gist.github.com/herrcore/1a39ed8701dac039c1568d62243a1924

Everyone's favorite open source sandbox: https://github.com/cuckoosandbox

Our IDA Pro tips tutorial video: https://youtu.be/qCQRKLaz2nQ

We are always looking for feedback: what did you like, what do you want to see more of, and what do you want to see us analyze next? Let us know on Twitter:
https://twitter.com/herrcore
https://twitter.com/seanmw

As always, check out our tools, tutorials, and more content over at http://www.openanalysis.net
