Palo Alto Networks

IDAPro

Using IDAPython to Make Your Life Easier: Part 5

We continue our series on using IDAPython to make things easier for reverse-engineers by tackling a problem malware analysts deal with on an almost daily basis: extracting embedded executables. Malware will often store embedded executables in a number of ways. Some examples include attaching these files in the file’s overlay, including them as a PE resource, or storing them in a buffer within the malware....

Jan 14, 2016
