Reverse-Engineering of Malware | REMnux v.2.0
Friday, January 28, 2011
0
comments
Reverse-Engineering of Malware | REMnux v.2.0
ReMnux V.2.0 is launched. It is a lightweight Linux distribution tool for assisting malware analysts in reverse-engineering of malicious software. Visit REMnux's main page for download ReMnux as a virtual appliance and as a Live CD. The distribution of ReMnux is based on Ubuntu and is maintained by Lenny Zeltser. REMnux is designed for running services that are useful to emulate within an isolated laboratory environment when performing behavioral malware analysis. As part of this process, the analyst typically infects another laboratory system with the malware sample and directs potentially-malicious connections to the REMnux system that's listening on the appropriate ports.
Malicious Website Analysis
REMnux is also useful for analyzing web-based malware, such as malicious JavaScript, Java programs, and Flash files. It also has tools for analyzing malicious documents, such as Microsoft Office and Adobe PDF files, and utilities for reversing malware through memory forensics. In these cases, malware may be loaded onto REMnux and analyzed directly on the REMnux system without requiring other systems to be present in the lab.
REMnux includes the updated version of Jsunpack-n, which includes a number of new features, such as proxy support, improved handling of encrypted PDFs, and other updates.
Stunnel is now installed to assist with the interception of SSL sessions in the malware analysis lab.
REMnux now includes the RABCDAsm toolkit for reverse-engineering malicious Flash (SWF) programs. This includes:
- rabcdasm: ActionScript 3 (ABC) disassembler
- rabcasm: ABC assembler
- abcexport: ABC extractor
- abcreplace: Replaces ABC in SWF files
- swfdecompress: SWF file decompressor
Read More on Lenny Zeltser's blog
0 comments:
Post a Comment