Showing posts from May, 2020

Intro To Malware Analysis

Hi Folks, here I will analyze a malware sample that is possibly packed with NsPack. Details are below:

SHA256: 5df0b1b07143c880c76d6e82253a20192981c83c3ea68bf86ffede6b17c01da4
File name: 5df0b1b07143c880c76d6e82253a20192981c83c3ea68bf86ffede6b17c01da4

First, we will do static analysis of the file. Using the strings utility, we see that most of the strings are obfuscated or encrypted content. Among them we see strings like .nsp0, .nsp1 and .nsp2; if we google them we learn that these are the section names used by NsPack, the NS packer.

VirusTotal Analysis: Upon analysis using VirusTotal we saw a detection ratio of 49 out of 55, which means the file is malicious in nature. Because the packed code is obfuscated, it is not possible to follow the instructions in a debugger, so we should unpack the malware first. Loaded in IDA it looks like below.

As we saw above, the file has custom sections named .nsp0, .nsp1 and .nsp2, and the entry point (the packer stub, not the real OEP we are looking for) starts with PUSHF PUSHA, which is an indication of a packer. We can confirm it
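The two static checks described above (NsPack section names in the section table, and PUSHF PUSHA at the entry point) can be scripted so they run over a whole directory of samples instead of being eyeballed in strings and IDA. The Python below is an added example, not code from the original post: it parses the PE headers by hand with struct (no pefile dependency), so the function names parse_pe, rva_to_offset, analyze and build_sample_pe are my own, and build_sample_pe produces a constructed minimal PE32 image in place of the real sample. The opcode pair 0x9C 0x60 is PUSHF(D) followed by PUSHA(D) in 32-bit code.

```python
import struct

# Section names the post reports in the sample; NsPack writes these into the section table.
NSPACK_SECTION_NAMES = {".nsp0", ".nsp1", ".nsp2"}
# PUSHF (0x9C) followed by PUSHA (0x60): the entry-point prologue the post notes.
PUSHFD_PUSHAD = b"\x9c\x60"


def parse_pe(data):
    """Parse the headers we need: returns (entry_rva, [(name, vsize, va, raw_size, raw_ptr)])."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, num_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    # AddressOfEntryPoint sits at offset 16 of the optional header for both PE32 and PE32+.
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(num_sections):
        off = opt + opt_size + 40 * i  # section headers are 40 bytes each
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, off)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vsize, va, raw_size, raw_ptr))
    return entry_rva, sections


def rva_to_offset(rva, sections):
    """Map an RVA to a file offset through the section table (None if unmapped)."""
    for _name, vsize, va, raw_size, raw_ptr in sections:
        if va <= rva < va + max(vsize, raw_size):
            return raw_ptr + (rva - va)
    return None


def analyze(data):
    """Run the two packer checks from the post and return the findings."""
    entry_rva, sections = parse_pe(data)
    names = [s[0] for s in sections]
    nspack_sections = [n for n in names if n in NSPACK_SECTION_NAMES]
    off = rva_to_offset(entry_rva, sections)
    prologue = data[off:off + 2] if off is not None else b""
    pushfd_pushad = prologue == PUSHFD_PUSHAD
    return {
        "sections": names,
        "nspack_sections": nspack_sections,
        "entry_rva": entry_rva,
        "entry_pushfd_pushad": pushfd_pushad,
        # Both signals together: strong hint the file is NsPack-packed and needs unpacking.
        "likely_nspack": bool(nspack_sections) and pushfd_pushad,
    }


def build_sample_pe(section_names, entry_code):
    """Constructed test input (not the real sample): a minimal PE32 image whose first
    section holds entry_code at RVA 0x1000, with the given section names."""
    num = len(section_names)
    opt_size = 0xE0  # PE32 optional header size
    headers_end = 0x40 + 4 + 20 + opt_size + 40 * num
    raw_base = (headers_end + 0x1FF) & ~0x1FF  # FileAlignment 0x200
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, num, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)    # Magic: PE32
    struct.pack_into("<I", opt, 16, 0x1000)  # AddressOfEntryPoint
    table = b""
    raw = b""
    for i, name in enumerate(section_names):
        body = (entry_code if i == 0 else b"\0").ljust(0x200, b"\0")
        table += struct.pack("<8sIIII", name.encode().ljust(8, b"\0"),
                             0x1000, 0x1000 * (i + 1), 0x200, raw_base + 0x200 * i)
        table += b"\0" * 16  # relocation/line-number fields and Characteristics, unused here
        raw += body
    headers = dos + b"PE\0\0" + coff + bytes(opt) + table
    return headers.ljust(raw_base, b"\0") + raw


if __name__ == "__main__":
    packed = build_sample_pe([".nsp0", ".nsp1", ".nsp2"], b"\x9c\x60\xe8\x00\x00\x00\x00")
    clean = build_sample_pe([".text", ".rdata", ".data"], b"\x55\x8b\xec")
    for label, image in (("packed-like", packed), ("normal", clean)):
        print(label, analyze(image))
```

To run it on a real file, pass open(path, "rb").read() to analyze instead of the constructed image. Treat both signals as heuristics, not proof: a packer can rename its sections, a benign program could start with the same two instructions, and a stub can jump elsewhere before the PUSHFD/PUSHAD; the script only automates what the strings output and the IDA view already showed, so a hit still needs the manual confirmation the post goes on to describe.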