Presentation
Malwasm is a tool based on Cuckoo Sandbox (available here). Malwasm was designed to help people who do reverse engineering. Malwasm works step by step as follows:
- the malware to analyse is executed through Cuckoo Sandbox
- during the execution, Malwasm logs all activities of the malware with a pintool
- all activities are stored in a database (Postgres)
- a web service is available to visualize and manage the data stored in the database
Features
Malwasm provides these features:
- offline program debugging
- the ability to go back or forward in execution time (with a time slider bar)
- states of registers and flags
- values of the stack/heap/data
- "Following dump" options
- fully works in the browser
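An added example (not Malwasm's own code; the page does not describe its log format or schema) of how a stored execution trace supports the back/forward time slider: constructed pintool-style delta lines are loaded into a database (SQLite standing in for Postgres so it runs offline), and the register, flag and memory state at any step is rebuilt from each item's most recent delta.

```python
import sqlite3

# Constructed sample trace in a hypothetical delta format (assumption: not
# Malwasm's real pintool output). One line per executed instruction:
#   step|eip|reg=value,...|addr=byte,...
TRACE = """\
1|0x401000|eax=0x0,esp=0x12ff80,eflags=0x246|
2|0x401003|eax=0x7c800000|
3|0x401008|esp=0x12ff7c,eflags=0x202|0x12ff7c=0x41
4|0x40100b|eax=0x7c801d7b|
5|0x401010|eax=0x0|0x12ff7c=0x90
"""

def load_trace(conn, text):
    """Store only what each step changed (registers, flags, memory bytes)."""
    conn.execute("CREATE TABLE regs (step INT, name TEXT, value INT)")
    conn.execute("CREATE TABLE mem (step INT, addr INT, byte INT)")
    for line in text.splitlines():
        step, eip, regs, mem = line.split("|")
        rows = [(int(step), "eip", int(eip, 16))]
        for kv in filter(None, regs.split(",")):
            name, val = kv.split("=")
            rows.append((int(step), name, int(val, 16)))
        conn.executemany("INSERT INTO regs VALUES (?,?,?)", rows)
        for kv in filter(None, mem.split(",")):
            addr, val = kv.split("=")
            conn.execute("INSERT INTO mem VALUES (?,?,?)",
                         (int(step), int(addr, 16), int(val, 16)))

def state_at(conn, step):
    """Reconstruct registers/flags and memory as they were after `step`.
    Each item's latest delta with step <= requested step wins, so moving the
    slider backward costs the same query as moving it forward."""
    regs = dict(conn.execute(
        "SELECT name, value FROM regs r WHERE step = "
        "(SELECT MAX(step) FROM regs WHERE name = r.name AND step <= ?)",
        (step,)))
    mem = dict(conn.execute(
        "SELECT addr, byte FROM mem m WHERE step = "
        "(SELECT MAX(step) FROM mem WHERE addr = m.addr AND step <= ?)",
        (step,)))
    return regs, mem

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    load_trace(db, TRACE)
    for s in (3, 5, 1):  # jump around in time like the slider does
        print(s, state_at(db, s))
```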
Screenshots
Open data in the database:
Example of analysis of LoadLibrary():
Example of analysis of GetProcAddress():
Example of encrypted data:
Example of decrypted data: