資源簡介
這是由Michael Sikorski與Andrew Honig編寫的《惡意代碼分析實戰》課后的配套練習題。本書具有極強的實戰性,可以說是每一位惡意代碼分析師人手必備的經典。特別是每一章后面的配套練習,都是作者以自己的實戰經驗,結合該章節的內容而設計的,非常值得每一位讀者認真練習。但是由于該練習題庫在國內網站上并不提供,就算有也是可能需要積分之類,并且還不能保證該題庫沒有被加載額外的病毒木馬。于是我在作者的網站上下載了這一套題庫,免積分提供給各位有興趣的讀者。需要特別說明的是,由于該練習題本身就是病毒木馬,所以大家一定要在虛擬機的環境下執行,并且在解壓縮時會被殺軟報毒,也請給位留意。
代碼片段和文件信息
from?idautils?import?*
from?idc?import?*
heads?=?Heads(SegStart(ScreenEA())?SegEnd(ScreenEA()))
antiVM?=?[]
for?i?in?heads:
if?(GetMnem(i)?==?“sidt“?or?GetMnem(i)?==?“sgdt“?or?GetMnem(i)?==?“sldt“?or?GetMnem(i)?==?“smsw“?or?GetMnem(i)?==?“str“?or?GetMnem(i)?==?“in“?or?GetMnem(i)?==?“cpuid“):
antiVM.append(i)
print?“Number?of?potential?Anti-VM?instructions:?%d“?%?(len(antiVM))
for?i?in?antiVM:
SetColor(i?CIC_ITEM?0x0000ff)
Message(“Anti-VM:?%08x\n“?%?i)?屬性????????????大小?????日期????時間???名稱
-----------?---------??----------?-----??----
?????文件??????28672??2011-03-11?05:55??PracticalMalwareAnalysis-Labs\Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_10L\Lab10-01.exe
?????文件???????3712??2012-01-14?04:13??PracticalMalwareAnalysis-Labs\Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_10L\Lab10-01.sys
?????文件??????32768??2010-12-31?10:33??PracticalMalwareAnalysis-Labs\Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_10L\Lab10-02.exe
?????文件??????24576??2011-11-22?05:38??PracticalMalwareAnalysis-Labs\Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_10L\Lab10-03.exe
?????文件???????3584??2012-01-14?06:30??PracticalMalwareAnalysis-Labs\Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_10L\Lab10-03.sys
?????文件??????53248??2011-11-20?18:00??PracticalMalwareAnalysis-Labs\Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_11L\Lab11-01.exe
?????文件??????20480??2011-11-06?19:48??PracticalMalwareAnalysis-Labs\Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_11L\Lab11-02.dll
?????文件?????????29??2011-11-06?11:03??PracticalMalwareAnalysis-Labs\Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_11L\Lab11-02.ini
?????文件??????49152??2011-11-08?17:33??PracticalMalwareAnalysis-Labs\Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_11L\Lab11-03.dll
?????文件??????49152??2011-11-19?11:34??PracticalMalwareAnalysis-Labs\Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_11L\Lab11-03.exe
?????文件??????49152??2011-03-26?17:16??PracticalMalwareAnalysis-Labs\Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_12L\Lab12-01.dll
?????文件??????36864??2011-11-05?17:28??PracticalMalwareAnalysis-Labs\Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_12L\Lab12-01.exe
?????文件??????53248??2011-04-08?12:54??PracticalMalwareAnalysis-Labs\Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_12L\Lab12-02.exe
?????文件??????24576??2011-03-16?01:00??PracticalMalwareAnalysis-Labs\Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_12L\Lab12-03.exe
?????文件??????36864??2011-03-12?16:35??PracticalMalwareAnalysis-Labs\Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_12L\Lab12-04.exe
?????文件??????32768??2011-11-08?18:03??PracticalMalwareAnalysis-Labs\Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_13L\Lab13-01.exe
?????文件??????32768??2011-11-14?15:47??PracticalMalwareAnalysis-Labs\Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_13L\Lab13-02.exe
?????文件??????77824??2011-11-17?18:04??PracticalMalwareAnalysis-Labs\Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_13L\Lab13-03.exe
?????文件??????28672??2011-02-27?12:54??PracticalMalwareAnalysis-Labs\Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_14L\Lab14-01.exe
?????文件???????6656??2011-02-25?06:09??PracticalMalwareAnalysis-Labs\Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_14L\Lab14-02.exe
?????文件??????36864??2011-08-22?00:08??PracticalMalwareAnalysis-Labs\Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_14L\Lab14-03.exe
?????文件??????16384??2011-02-04?10:22??PracticalMalwareAnalysis-Labs\Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_15L\Lab15-01.exe
?????文件??????16384??2011-11-16?17:11??PracticalMalwareAnalysis-Labs\Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_15L\Lab15-02.exe
?????文件??????16384??2011-11-16?18:47??PracticalMalwareAnalysis-Labs\Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_15L\Lab15-03.exe
?????文件??????61440??2011-10-20?11:42??PracticalMalwareAnalysis-Labs\Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_16L\Lab16-01.exe
?????文件??????45056??2011-11-02?23:19??PracticalMalwareAnalysis-Labs\Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_16L\Lab16-02.exe
?????文件??????36864??2011-10-22?14:36??PracticalMalwareAnalysis-Labs\Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_16L\Lab16-03.exe
?????文件????????480??2011-11-30?18:14??PracticalMalwareAnalysis-Labs\Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_17L\findAntiVM.py
?????文件??????36864??2011-10-22?22:37??PracticalMalwareAnalysis-Labs\Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_17L\Lab17-01.exe
?????文件?????134160??2011-10-23?14:45??PracticalMalwareAnalysis-Labs\Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_17L\Lab17-02.dll
............此處省略69個文件信息
評論
共有 條評論
川公網安備 51152502000135號