MazeWalker - Enriching static malware analysis

Presented at REcon 2017, June 18, 2017, 2 p.m. (60 minutes)

MazeWalker - is a tool for conducting a static malware analysis with IDA. The analyzed binary execution is traced and analyzed to create a loose timeline of the execution from initial dropper till the full deployment. The tool enables the researcher to see the full picture and at the same time concentrate on s specific topic of the execution (Memory, Networking, Threads…)

Presenters:

• Yevgeniy Kulakov

Links:

• https://recon.cx/2017/montreal/talks/mazewalker.html
• https://infocon.org/cons/REcon/REcon 2017 Montreal/REcon 2017 Montreal presentations/RECON-MTL-2017-MazeWalker.pdf (slides)
• https://recon.cx/2017/montreal/resources/slides/RECON-MTL-2017-MazeWalker.pdf

Tags:

• Malware

Similar Presentations:

• VB2017 / Malware deobfuscation: symbolic analysis to the rescue!
• Black Hat Europe 2016 / Code Deobfuscation: Intertwining Dynamic, Static and Symbolic Approaches
• DEF CON 30 (2022) / Master Class: Delivering a New Construct in Advanced Volatile Memory Analysis for Fun and Profit Workshop