MyCERT has been developing a few analysis tools for reversing. MySuntikanAPI is still an alpha version and needs more improvement. Every hooked API will capture detailed information to make sure we don’t miss any behaviour, especially in a malware sample. API hooking is the same as IAT hooking. One of the tools that we created is called […]
Hooking pBot
I’m working on analyzing remote file inclusion (RFI) code. For the pBot class, which uses an IRC server as its command and control (C&C), we are interested in getting the IP addresses of the C&C, the channel name and the nickname used to connect to the IRC server. Below is a sample of the output: ok! (host=irc.server_name.net, port=6667, […]