In this video I show how to use the Bochs emulator debugger plugin in IDA to run the decryption routine of an APT malware sample and resolve its obfuscated Windows API names, so that you end up with a readable IDA database from which you can determine what the malware does and how it does it.
The sample is the one discussed in this Securelist blog post: https://securelist.com/lazarus-threatneedle/100803/
The sample's SHA-256 hash is: 25f39131441056f4163d84b3094cdaea3c67f3d5723fd8077b687eb7cc92acc9
The Hex-Rays help for the Bochs emulator debugger plugin is here: https://www.hex-rays.com/products/ida/support/idadoc/1329.shtml
The Bochs emulator can be downloaded from the following URL:
https://bochs.sourceforge.io/
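The following IDAPython script is an added example of the workflow described above; it is not the video author's code and it does not reproduce the real sample's decryption scheme, which this page does not describe. It assumes (hypothetically) that the sample decrypts its API names into one contiguous buffer of NUL-terminated ASCII strings at TABLE_EA, that execution reaches AFTER_DECRYPT_EA once that buffer is filled, and that the i-th name is later used through the i-th slot of a pointer table at PTRS_EA. All addresses are placeholders to be replaced with the real ones. The parsing and labelling helpers are pure Python (so they can be checked outside IDA on a constructed buffer); only decrypt_with_bochs() needs IDA and its Bochs debugger plugin.

```python
"""Emulate a malware decryption routine under IDA's Bochs debugger, then
label the database with the decrypted API names.

Added example, not code from the video or the ThreatNeedle analysis.
Everything below marked "assumed" is a placeholder for the real sample.
"""
import re

# Assumed, placeholder addresses and layout (not the sample's real values).
AFTER_DECRYPT_EA = 0x401234   # first instruction executed after decryption
TABLE_EA = 0x403000           # decrypted buffer of NUL-terminated API names
TABLE_SIZE = 0x400            # how many bytes to read back from Bochs memory
PTRS_EA = 0x405000            # function-pointer table filled by GetProcAddress
PTR_SIZE = 4                  # 32-bit sample assumed; use 8 for x64

# A plausible Win32 export name: identifier characters, at least 3 long.
_API_NAME = re.compile(rb"[A-Za-z_][A-Za-z0-9_]{2,}")


def parse_name_table(blob: bytes, base_ea: int):
    """Split a decrypted buffer of NUL-terminated strings into (ea, name) pairs.

    Chunks that do not look like export names (empty strings, bytes that are
    still encrypted, padding) are skipped so that garbage never reaches the DB.
    """
    entries = []
    offset = 0
    for chunk in blob.split(b"\x00"):
        if _API_NAME.fullmatch(chunk):
            entries.append((base_ea + offset, chunk.decode("ascii")))
        offset += len(chunk) + 1          # +1 for the NUL terminator
    return entries


def slot_labels(entries, ptrs_ea: int, ptr_size: int):
    """Map the i-th decrypted name to the i-th pointer slot: {slot_ea: 'p_Name'}."""
    return {ptrs_ea + i * ptr_size: "p_" + name
            for i, (_, name) in enumerate(entries)}


def decrypt_with_bochs():
    """Run inside IDA: emulate up to AFTER_DECRYPT_EA under Bochs, read the
    decrypted table out of emulated memory, then patch and label the database."""
    import ida_bytes, ida_dbg, ida_name, idc   # only available inside IDA

    if not ida_dbg.load_debugger("bochs", False):
        raise RuntimeError("Bochs debugger plugin could not be selected")
    ida_dbg.add_bpt(AFTER_DECRYPT_EA)
    if ida_dbg.start_process("", "", "") != 1:
        raise RuntimeError("could not start the process under Bochs")
    ida_dbg.wait_for_next_event(ida_dbg.WFNE_SUSP, -1)   # wait for the breakpoint

    blob = ida_dbg.dbg_read_memory(TABLE_EA, TABLE_SIZE)
    ida_dbg.exit_process()                                # back to static view
    if not blob:
        raise RuntimeError("could not read the decrypted table from Bochs")

    entries = parse_name_table(blob, TABLE_EA)
    # Write the decrypted bytes into the database so the strings stay readable
    # without re-running the emulator, and mark each one as a string literal.
    ida_bytes.patch_bytes(TABLE_EA, blob)
    for ea, name in entries:
        idc.create_strlit(ea, ea + len(name) + 1)
    for slot, label in slot_labels(entries, PTRS_EA, PTR_SIZE).items():
        ida_name.set_name(slot, label, ida_name.SN_NOCHECK | ida_name.SN_FORCE)
    return entries


if __name__ == "__main__":
    for ea, name in decrypt_with_bochs():
        print("%08X %s" % (ea, name))
```

Because the pointer slots are renamed with SN_FORCE, later cross-references such as `call [p_VirtualAlloc]` read naturally in the disassembly and in the decompiler. The regex filter matters: if the breakpoint is placed too early, the buffer still contains encrypted bytes, and without the filter those would be committed to the database as bogus strings.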
Using the Bochs emulator to decrypt malware | NatokHD