The screenshot above also shows the ‘entropy’ of the malware. A list of strings is also pulled however if the sample is packed this may not return any strong IOCs, unpacking the sample, and then reviewing the strings will often provide useful information such as malicious domains and IP addresses. Once a binary has been loaded it will quickly provide the user with hashes of the malware and any detections found in VirusTotal. This is an excellent tool for conducting an initial triage of a malware sample and allows me to quickly pull out any suspicious artifacts. My first port of call for analyzing a Windows executable is always PeStudio.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |