Alien Autopsy: Reverse Engineering Win32 Trojans on Linux

by Joe Stewart
Sept. 24, 2017 1 comment Symantec reversingprocess

n my last article, Reverse Engineering Hostile Code, I described the tools and processes involved in basic reverse engineering of a simple trojan. This article will offer a more detailed examination of the reversing process, using a trojan found in the wild. At the same time, this article will discuss some techniques for reversing Windows-native code entirely under Linux. As an added bonus, all the tools used in this article are either freeware or free software. They are: Wine - the Win32 API implementation for Unix; gdb - our favorite Unix debugger and disassembly environment; and, IDA Pro Freeware Version - Win32 disassembler (runs on Linux under Wine release 20021007, may run under other versions as well).

2flash 7 months, 1 week ago

Love the title! Engaging title, great article! Big up!