Pestudio is a tool that is used in many Cyber Emergency Response Teams (CERT) worldwide in order to perform malware initial assessment. Malicious software often attempts to hide its intents in order to evade early detection and static analysis. In doing so, it often leaves suspicious patterns, unexpected metadata, and sometimes even anomalies. The goal of pestudio is to spot these artifacts in order to ease and accelerate the Malware Initial Assessment. The tool uses a powerful parser and a flexible set of configuration files that are used to provide many indicators and determine thresholds. Since the file being analyzed is never started, you can inspect any unknown or malicious executable file and even ransomware without a risk of infection. Pestudio implements a rich set of features that is especially designed to retrieve every single detail of any executable file. The result is checked against the Microsoft specification. Additionally, the content of the file being analysed is checked against several white and black lists and thresholds.

Nothing extraordinary, these are entirely optional and are not needed to understand the analysis.

Analysis

Static Analysis

VirusTotal - Firestorm.exe

With all things hacking, recon should be the first step towards understanding the target. The first thing I do is upload the sample to VirusTotal (VT) to see if this has already been detected or not, or just to try and get a general overview of what I might be dealing with.

Okay, so there are some detections, but they seem to be pretty generic and don't really help me much. Since VT wasn't helpful, I needed to get a better understanding of what this file is and what it can do. So, using pestudio, I may be able to get some hints.

We can see here there are quite a few flags being raised, most notably:
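The indicator-and-threshold approach pestudio applies to a PE file, as an added example that is neither pestudio's code nor the author's: a stdlib-only Python triage pass that parses the DOS, COFF and section headers of a constructed in-memory sample (a stand-in shaped like a UPX-packed binary, not Firestorm.exe) and raises flags for a zero compile timestamp, non-standard section names, writable-and-executable sections, sections with no raw data, and raw data whose entropy suggests packing. The section whitelist, the 7.0 bits-per-byte entropy threshold and the sample bytes are assumptions.

```python
from collections import Counter
import math, struct

# Assumed whitelist of section names a stock linker emits; anything else raises an indicator.
KNOWN_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".rsrc", ".reloc", ".bss", ".pdata", ".tls"}
ENTROPY_THRESHOLD = 7.0  # assumed threshold: packed or encrypted data approaches 8 bits per byte
IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x80000000

def entropy(data):
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def triage_pe(blob):
    """Parse the PE headers and return the list of indicators raised, pestudio style."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return ["no MZ signature"]
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return ["e_lfanew does not point at a PE signature"]
    # COFF header: Machine, NumberOfSections, TimeDateStamp, symbol fields, SizeOfOptionalHeader, Characteristics
    _, nsections, timestamp, _, _, size_opt, _ = struct.unpack_from("<HHIIIHH", blob, e_lfanew + 4)
    flags = ["compile timestamp is zero"] if timestamp == 0 else []
    table = e_lfanew + 24 + size_opt  # section table follows the optional header
    for i in range(nsections):
        raw_name, vsize, _, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", blob, table + 40 * i)
        name = raw_name.rstrip(b"\0").decode("ascii", "replace")
        if name not in KNOWN_SECTIONS:
            flags.append(f"{name}: non-standard section name")
        if chars & IMAGE_SCN_MEM_WRITE and chars & IMAGE_SCN_MEM_EXECUTE:
            flags.append(f"{name}: writable and executable")
        if rawsize == 0 and vsize:
            flags.append(f"{name}: no raw data but {vsize:#x} bytes virtual (filled at run time)")
        elif entropy(blob[rawptr:rawptr + rawsize]) > ENTROPY_THRESHOLD:
            flags.append(f"{name}: entropy above {ENTROPY_THRESHOLD} (packed or encrypted)")
    return flags

def build_sample():
    """Constructed minimal PE image (no optional header) shaped like a UPX-packed binary; not Firestorm.exe."""
    sections = [(b".text", 64, 0x1000, bytes(64), 0x60000020),               # plain code, read+execute
                (b"UPX1", 0x4000, 0x2000, bytes(range(256)), 0xE0000040),   # max-entropy data, RWX
                (b"UPX0", 0x8000, 0x6000, b"", 0xE0000080)]                  # virtual-only, RWX
    e_lfanew, offset, raw = 0x40, 0x40 + 24 + 40 * len(sections), b""
    blob = b"MZ" + bytes(0x3A) + struct.pack("<I", e_lfanew)
    blob += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    for name, vsize, vaddr, data, chars in sections:
        blob += struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, len(data), offset if data else 0, 0, 0, 0, 0, chars)
        raw += data
        offset += len(data)
    return blob + raw
```

On the constructed sample `triage_pe(build_sample())` returns seven flags, none of them for `.text`; pointing the same parser at a real file (`triage_pe(open(path, "rb").read())`) gives the kind of indicator list pestudio summarises.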