How I Debug DLL Malware (Emotet)

16,017 views

Anuj Soni

1 day ago

Comments
@therelatableladka 9 months ago
Please don't stop uploading, the quality and video knowledge is very good. I even recommended this to my friends.
@sonianuj 9 months ago
Really appreciate you recommending my content to others! More to come.
@noobsplain 1 year ago
I'm with the other guy who said the video length/format is great. Sometimes I just want a concise rundown as a refresher or to get new ideas from instead of a movie-length video, although there is a place for deep dives like that. Thanks!
@sonianuj 1 year ago
Thanks for watching!
@mw_lewlew 1 year ago
I usually find malware vids very boring and hard to follow but the way you explain and present everything is perfect
@sonianuj 1 year ago
Thank you for that feedback. Comments like this push me to release more videos.
@cyrussecurity 1 year ago
This was fantastic. Big fan of these videos and the length/format. Would love a video on obtaining bad samples, and actually the process of gathering new malicious files that still need to be analyzed.
@jordanj6841 28 days ago
I'd personally love to see more videos on DLL analysis in this format. Explanations are perfect in length and detail, although I'd suggest possibly slowing down delivery a touch!
@sonianuj 27 days ago
Thanks for leaving a comment! If you have any specific feedback on what sort of DLL analysis you would like to see, please let me know. And appreciate the note on slowing down!
@jacktaubl48 1 year ago
This is the best explanation I have seen for a topic that stumps a lot of junior reversers. Great video.
@sonianuj 1 year ago
Wow, thanks!
@blueteams5495 1 year ago
Love to see frequent uploads of videos. Thanks for sharing another valuable technique. Could you please have a video on analyzing .sys files in the future? Thanks in advance!
@sonianuj 1 year ago
That’s a great idea, thank you!
@blueteams5495 1 year ago
@sonianuj Thanks for your comment. Will be waiting for it eagerly😀😁
@0xgodson119 4 months ago
I usually don't comment on a video unless I need to, but you did great work in this video, and it is very valuable. Please make more videos!
@sonianuj 4 months ago
Thanks so much, that means a lot!
@THEdarkkman 5 months ago
I started learning not long ago, but your explanation is so good I was able to keep track of and understand what you were doing.
@sonianuj 4 months ago
Wonderful to hear, thank you!
@wes7919 1 year ago
Great work Anuj! Subbed, can't wait for more videos.
@sonianuj 1 year ago
Thank you!
@anantP-ip8op 1 year ago
Thanks a lot for making free videos for the community. Technical details are really helpful. You are doing awesome!
@sonianuj 1 year ago
Thank you for the encouragement!
@vinyldown8490 4 months ago
PLEASE DO MORE! THIS WAS SO GOOD
@sonianuj 3 months ago
Working on it :-)
@threathunter369 1 year ago
Nice presentation. Do more debugging of malware, thank you.
@sonianuj 1 year ago
Will do! Thanks for watching.
@cpatocybersecurity 1 year ago
Great production value and cool demo
@sonianuj 1 year ago
Thanks for watching!
@boggavarapuramsaransaisrin9316 1 year ago
Hi Anuj, great presentation. How can we handle a DLL which is packed and for which no information is available on the internet?
@sonianuj 1 year ago
This will depend on how it’s packed, but setting a breakpoint on VirtualAlloc often leads to progress. If you have an example in mind, I’m happy to take a look and discuss in a video!
@Istoriaby 9 months ago
Very underrated channel! Hope you get the attention you deserve; this is high quality content.
@sonianuj 9 months ago
Thank you so much!
@dattatreysharma7161 1 year ago
Such a cool explanation... Thanks Anuj!
@sonianuj 1 year ago
Glad you liked it!
@pixelcatcher123 9 months ago
Is it possible to inspect a DLL for when and where exactly it's injected, and what functions it has hooked or will hook? I'm an absolute beginner so I don't really understand assembly; I guess if you understand it, everything might be open source?
@sonianuj 9 months ago
Hi there, thanks for stopping by! Yes, you can debug a DLL to examine when and how it injects or hooks code. Check out my API unhooking video for some information on that last one. And disassembling a program definitely gives you insight into how it works. A good decompiler can approximate source code, but this can be challenging, especially if there is obfuscation involved.
@pixelcatcher123 9 months ago
@sonianuj Gratefully, thanks. Content like this is very important. I will for sure dive into these topics. Take care!
@TheRealBards 1 year ago
Great video, thank you for sharing.
@sonianuj 1 year ago
Thanks for watching!
@MoisesCerqueira-fv6hb 6 days ago
Awesome content. Perfect explanation and very educative. Greetings from Brazil
@sonianuj 6 days ago
Very much appreciate the feedback!
@dxlge 1 month ago
Really underrated, great video.
@sonianuj 1 month ago
Appreciate it!
@RickHenderson 6 months ago
This was great. Excellent info.
@sonianuj 6 months ago
Glad you enjoyed it!
@abhisheksaigiridhari5166 1 year ago
Hey there. Great insights man, thank you for this video. I had a question though: what to do if there are 0 export functions present in the DLL file? How to analyse it then? Like, the score on VT shows that it's malicious, but then without running it how can you determine that? I'm asking specifically for dynamic analysis, not the reverse engineering part.
@sonianuj 9 months ago
Hi there, my apologies for the delay in responding. If there are zero export functions, I would expect the malicious code to be launched from DllMain. Behaviorally you should be able to launch it with rundll32 without specifying an entry point.
@MsDuketown 1 year ago
Cool channel, and nice vid about ms.dll's. For me, splitting Excel formats based on date really helped, since Excel has been the industry default since forever. I also use it to find maximums, like IE11.0.04 for the last IE 32-bit. These VMs need maintenance, you know.. This is handy when digging deeper, specifically if VBA (XLL add-ins, odbc, ado, activex) or PowerShell is involved.. Programmatically, 64-bit time_t and 32-bit tm_year are important in calcs. btw.. "Behavioural analysis" is too functional for a technical task. To kickstart dynamic analysing of the public blobs, with Microsoft Primitive Provider using * SHA256, HASH, AES and * ObjectLength * KeyDataBlob * clean up the output, i.e. with ssconvert (gnumeric)
@antonborkov8517 1 year ago
Awesome Thanks!
@wise_one45 1 year ago
I am assuming while looking at the code in a disassembler you either stumble across the MZ header? I guess you are trying to keep the videos short and sweet, but it would have been nice to see your approach to discovering that. The whole time in the video I was asking: how did he find that?😅
@sonianuj 1 year ago
Hi, sorry for the delay in responding. Great point, I could have done a better job of explaining this observation. The fastest way to identify the function that checks for an MZ header is Mandiant's capa tool (github.com/mandiant/capa). If you aren't familiar with this tool, check out my latest video on the FBI's Qakbot takedown (kzbin.info/www/bejne/kHW7oqWcfJybjcUsi=rCXhCYFbGlRJeuHD) - I cover it there. Thanks for watching!
@Laylaa320 9 months ago
Can DLL malware infect your computer even if you are not clicking an .exe? Without the DLL being imported by an .exe, just exporting itself, could a DLL, without executing an .exe and only by downloading the DLL file, do a RAT, RedLine stealer, rootkits or other malware? Has someone experienced this?
@Laylaa320 9 months ago
Is there a way to unpack a rar/zip file with a password in IDA Pro/Ghidra directly?
@prashilmoon1083 1 year ago
It was a great video. Can you please debug the dumped file as well? I tried to debug this payload but am not getting many observations.
@sonianuj 1 year ago
Hi there, thanks for watching. Perhaps I'll debug the second stage in a later video, thanks.
@kiaraki7186 8 months ago
Thank you, this was helpful.
@sonianuj 8 months ago
Glad it helped!
@johnvardy9559 2 months ago
Great work
@sonianuj 2 months ago
Thank you so much 😀
@charsetUTF-8 9 months ago
Thanks, this was helpful!!!
@sonianuj 9 months ago
Happy to help!
@abhisheksaigiridhari5166 1 year ago
Hey there. Great insights man, thank you for this video. I had a question though: what to do if there are 0 export functions present in the DLL file? How to analyse it then? Like, the score on VT shows that it's malicious, but then without running it how can you determine that? I'm asking specifically for dynamic analysis, not the reverse engineering part.
@sonianuj 1 year ago
Even with no exports, code at the entry point of a DLL will still be executed - so I would start debugging there. Hope that helps!
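The two replies to this question (a DLL with no exports still runs code from DllMain at its entry point, and rundll32 will load it either way) and the earlier question about how the MZ header was spotted are the static triage an analyst does before attaching x64dbg. The following is an added example written for this page, not code from the video or from Anuj Soni: it parses a DLL's export table and AddressOfEntryPoint, returns the rundll32 command line to launch it with (following the reply above that rundll32 maps the DLL, and therefore runs DllMain, before it looks up an export), and carves embedded PE images out of a dump by requiring "MZ", a sane e_lfanew and "PE\0\0" rather than trusting a bare "MZ" string hit. The DLL images it analyses are constructed in memory by build_dll(), whose export names (DllRegisterServer, Run), RVAs and section layout are made up for the test; the parser handles PE32 as well as the PE32+ image the builder emits, which goes beyond the single 64-bit Emotet sample in the video.

```python
"""Static triage of a DLL before attaching a debugger: read the export table
to know which entry to hand rundll32, fall back to DllMain / AddressOfEntryPoint
when there are no exports, and carve embedded PE images ("MZ" ... "PE\0\0")
out of a memory dump.  Added example for this page, not the video's own code.
The DLL images are constructed in memory by build_dll(); its export names and
RVAs are made up and the image is not loadable, only parseable."""
import struct


def _u16(b, o): return struct.unpack_from("<H", b, o)[0]
def _u32(b, o): return struct.unpack_from("<I", b, o)[0]
def _cstr(b, o): return b[o:b.index(b"\0", o)].decode("ascii", "replace")


def find_embedded_pe(blob):
    """Offsets of plausible PE images inside blob: 'MZ', an e_lfanew that stays
    within the first page, and 'PE\\0\\0' at that position.  A bare 'MZ' with
    garbage after it (a false positive from a raw string search) is rejected."""
    hits, pos = [], blob.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(blob):
            e_lfanew = _u32(blob, pos + 0x3C)
            if 0x40 <= e_lfanew < 0x1000 and blob[pos + e_lfanew:pos + e_lfanew + 4] == b"PE\0\0":
                hits.append(pos)
        pos = blob.find(b"MZ", pos + 1)
    return hits


def parse_pe(data):
    """Minimal PE32/PE32+ header and export-table parser over raw file bytes."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe = _u32(data, 0x3C)
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe + 4
    nsec, opt_size, chars = _u16(data, coff + 2), _u16(data, coff + 16), _u16(data, coff + 18)
    opt = coff + 20
    is64 = _u16(data, opt) == 0x20B
    entry = _u32(data, opt + 16)                    # AddressOfEntryPoint (the DllMain stub)
    ndirs_off = opt + (108 if is64 else 92)         # NumberOfRvaAndSizes
    ndirs = _u32(data, ndirs_off)
    exp_rva, exp_size = (_u32(data, ndirs_off + 4), _u32(data, ndirs_off + 8)) if ndirs else (0, 0)
    sections = []                                   # (VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData)
    for i in range(nsec):
        s = opt + opt_size + 40 * i
        sections.append((_u32(data, s + 12), _u32(data, s + 8), _u32(data, s + 20), _u32(data, s + 16)))

    def off(rva):                                   # RVA -> file offset via the section table
        for va, vsize, raw, rawsize in sections:
            if va <= rva < va + max(vsize, rawsize):
                return rva - va + raw
        raise ValueError("RVA %#x is not backed by any section" % rva)

    exports = []
    if exp_rva:
        d = off(exp_rva)
        base, nnames = _u32(data, d + 16), _u32(data, d + 24)
        funcs, names, ords = off(_u32(data, d + 28)), off(_u32(data, d + 32)), off(_u32(data, d + 36))
        for i in range(nnames):
            idx = _u16(data, ords + 2 * i)          # name i -> unbiased ordinal
            frva = _u32(data, funcs + 4 * idx)
            name = _cstr(data, off(_u32(data, names + 4 * i)))
            # an address inside the export directory is a forwarder string, not code
            target = _cstr(data, off(frva)) if exp_rva <= frva < exp_rva + exp_size else frva
            exports.append((base + idx, name, target))
    return {"is_64bit": is64, "is_dll": bool(chars & 0x2000), "entry_point_rva": entry, "exports": exports}


def suggest_launch(path, info):
    """Command line that gets the DLL's code running under a debugger."""
    if info["exports"]:
        ordinal, name, _ = info["exports"][0]
        return "rundll32.exe %s,%s  (or ,#%d; DllMain runs at LoadLibrary before the export)" % (path, name, ordinal)
    return ("rundll32.exe %s  (no exports: the code runs from DllMain, AddressOfEntryPoint RVA %#x, "
            "as soon as rundll32 maps the DLL)" % (path, info["entry_point_rva"]))


def build_dll(export_names, dll_name=b"sample.dll", entry_rva=0x1100):
    """Constructed test input: a PE32+ DLL image with one .rdata section that
    holds an export table for export_names (no export directory if empty)."""
    sec_rva, sec_raw, sec_size = 0x1000, 0x200, 0x200
    n = len(export_names)
    funcs_rva, names_rva = sec_rva + 40, sec_rva + 40 + 4 * n
    ords_rva, str_rva = names_rva + 4 * n, names_rva + 6 * n
    strings, name_rvas = bytearray(dll_name + b"\0"), []
    for e in export_names:
        name_rvas.append(str_rva + len(strings))
        strings += e + b"\0"
    exp = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, str_rva, 1, n, n, funcs_rva, names_rva, ords_rva)
    exp += b"".join(struct.pack("<I", 0x1200 + 0x10 * i) for i in range(n))   # made-up code RVAs
    exp += b"".join(struct.pack("<I", r) for r in name_rvas)
    exp += b"".join(struct.pack("<H", i) for i in range(n)) + bytes(strings)
    dirs = [(sec_rva, len(exp)) if n else (0, 0)] + [(0, 0)] * 15           # export dir is entry 0
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                                  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x2022)         # AMD64, 1 section, DLL
    opt = struct.pack("<HBBIIIIIQIIHHHHHHIIIIHHQQQQII", 0x20B, 14, 0, sec_size, 0, 0, entry_rva,
                      sec_rva, 0x180000000, 0x1000, 0x200, 6, 0, 0, 0, 6, 0, 0, 0x2000, 0x200, 0,
                      2, 0x160, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"".join(struct.pack("<II", va, sz) for va, sz in dirs)
    sect = struct.pack("<8sIIIIIIHHI", b".rdata\0\0", sec_size, sec_rva, sec_size, sec_raw, 0, 0, 0, 0, 0x40000040)
    headers = (bytes(dos) + b"PE\0\0" + coff + opt + sect).ljust(sec_raw, b"\0")
    return headers + exp.ljust(sec_size, b"\0")


if __name__ == "__main__":
    for names in ([b"DllRegisterServer", b"Run"], []):
        info = parse_pe(build_dll(names))
        print(info["exports"], "->", suggest_launch(r"C:\samples\x.dll", info))
```

Point parse_pe at the bytes of a real sample (or at a region returned by find_embedded_pe over a process dump) to get the same dictionary; the export ordinal lets you set the breakpoint with `rundll32 sample.dll,#1` when the name is obfuscated, and the entry-point RVA is where to break when the export list is empty.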