Hi! In your screenshot I'm decrypting an embedded, encrypted program from the original sample. The tool you see is Immunity Debugger (http://immunityinc.com/products-immdbg.shtml). However, it isn't quite as straightforward as taking a malware sample and asking Immunity Debugger to decrypt it. In this case, I analyzed the sample a bit and found the decryption loop, and what you see is me stepping the malware through this loop. So you actually need to understand a bit about how the malware in question works to do this.

The other tool you see in the clip is the HIEW hex editor (http://www.hiew.ru/). I used it to decrypt the URL in the sample. For this to work, I had to reverse engineer the sample to recover the decryption routine. I then implemented the routine in HIEW to decrypt the string.

Hope this helps,
Antti
Hi, I'm Antti, the main lecturer of the university course you mentioned. The slides from the course lectures should be available here: https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot

The slides are a good way to get started with what we call "reverse engineering", that is, trying to take apart applications to understand how they work. This is the most fundamental way to analyze malware. You'll find pointers to the tools we use: hex editors like HT (http://hte.sourceforge.net), disassemblers like IDA Pro (http://www.hex-rays.com/idapro/idadownfreeware.htm) and debuggers like OllyDbg (http://www.ollydbg.de).

However, starting with reverse engineering is difficult without first knowing the engineering part: programming. Most of the malware we analyze is written in C or C++, so learning at least the basics of those languages is an important start. You could take a look at some of the tutorials here: http://www.cprogramming.com/tutorial.html#ctutorial. For programming on Windows, you may want to try the Visual C++ Express Edition: http://www.microsoft.com/express/Windows/. On Mac, Xcode (http://developer.apple.com/xcode/) offers something similar.

A "softer" start to programming could be a language like Python. You'll get something useful done quicker, and you can move on to C and C++ and then reverse engineering as you go along. There are lots of nice tutorials on getting started with Python, like this one from Google: http://code.google.com/edu/languages/google-python-class/

Good luck!