資源簡介
這是由Michael Sikorski與Andrew Honig編寫的《惡意代碼分析實戰》課后的配套練習題。本書具有極強的實戰性,可以說是每一位惡意代碼分析師人手必備的經典。特別是每一章后面的配套練習,都是作者以自己的實戰經驗,結合該章節的內容而設計的,非常值得每一位讀者認真練習。但是由于該練習題庫在國內網站上并不提供,就算有也是可能需要積分之類,并且還不能保證該題庫沒有被加載額外的病毒木馬。于是我在作者的網站上下載了這一套題庫,提供給各位有興趣的讀者。需要特別說明的是,由于該練習題本身就是病毒木馬,所以大家一定要在虛擬機的環境下執行,并且在解壓縮時會被殺軟報毒,也請給位留意。
代碼片段和文件信息
from?idautils?import?*
from?idc?import?*
heads?=?Heads(SegStart(ScreenEA())?SegEnd(ScreenEA()))
antiVM?=?[]
for?i?in?heads:
if?(GetMnem(i)?==?“sidt“?or?GetMnem(i)?==?“sgdt“?or?GetMnem(i)?==?“sldt“?or?GetMnem(i)?==?“smsw“?or?GetMnem(i)?==?“str“?or?GetMnem(i)?==?“in“?or?GetMnem(i)?==?“cpuid“):
antiVM.append(i)
print?“Number?of?potential?Anti-VM?instructions:?%d“?%?(len(antiVM))
for?i?in?antiVM:
SetColor(i?CIC_ITEM?0x0000ff)
Message(“Anti-VM:?%08x\n“?%?i)?屬性????????????大小?????日期????時間???名稱
-----------?---------??----------?-----??----
?????目錄???????????0??2012-02-06?23:03??Practical?Malware?Analysis?Labs\
?????目錄???????????0??2012-02-06?23:00??Practical?Malware?Analysis?Labs\BinaryCollection\
?????目錄???????????0??2012-02-06?22:56??Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_10L\
?????文件???????28672??2011-03-11?05:55??Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_10L\Lab10-01.exe
?????文件????????3712??2012-01-14?04:13??Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_10L\Lab10-01.sys
?????文件???????32768??2010-12-31?10:33??Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_10L\Lab10-02.exe
?????文件???????24576??2011-11-22?05:38??Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_10L\Lab10-03.exe
?????文件????????3584??2012-01-14?06:30??Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_10L\Lab10-03.sys
?????目錄???????????0??2012-02-06?22:56??Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_11L\
?????文件???????53248??2011-11-20?18:00??Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_11L\Lab11-01.exe
?????文件???????20480??2011-11-06?19:48??Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_11L\Lab11-02.dll
?????文件??????????29??2011-11-06?11:03??Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_11L\Lab11-02.ini
?????文件???????49152??2011-11-08?17:33??Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_11L\Lab11-03.dll
?????文件???????49152??2011-11-19?11:34??Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_11L\Lab11-03.exe
?????目錄???????????0??2012-02-06?22:56??Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_12L\
?????文件???????49152??2011-03-26?17:16??Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_12L\Lab12-01.dll
?????文件???????36864??2011-11-05?17:28??Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_12L\Lab12-01.exe
?????文件???????53248??2011-04-08?12:54??Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_12L\Lab12-02.exe
?????文件???????24576??2011-03-16?01:00??Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_12L\Lab12-03.exe
?????文件???????36864??2011-03-12?16:35??Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_12L\Lab12-04.exe
?????目錄???????????0??2012-02-06?22:57??Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_13L\
?????文件???????32768??2011-11-08?18:03??Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_13L\Lab13-01.exe
?????文件???????32768??2011-11-14?15:47??Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_13L\Lab13-02.exe
?????文件???????77824??2011-11-17?18:04??Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_13L\Lab13-03.exe
?????目錄???????????0??2012-02-06?22:57??Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_14L\
?????文件???????28672??2011-02-27?12:54??Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_14L\Lab14-01.exe
?????文件????????6656??2011-02-25?06:09??Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_14L\Lab14-02.exe
?????文件???????36864??2011-08-22?00:08??Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_14L\Lab14-03.exe
?????目錄???????????0??2012-02-06?22:57??Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_15L\
?????文件???????16384??2011-02-04?10:22??Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_15L\Lab15-01.exe
?????文件???????16384??2011-11-16?17:11??Practical?Malware?Analysis?Labs\BinaryCollection\Chapter_15L\Lab15-02.exe
............此處省略63個文件信息
評論
共有 條評論