-
-
[推荐][推荐]关于沙箱和BSA
-
发表于: 2013-2-2 18:03
-
有些同学可能在苦找一个能在本地可用的沙箱工具,这里我给出下载链接(均可免费下载):1.沙箱:259K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4y4S2L8X3c8T1L8%4S2A6k6g2)9J5k6h3y4G2L8g2!0q4c8W2!0n7b7#2)9&6b7g2!0q4y4W2!0n7x3W2)9&6z5g2!0q4y4#2!0m8c8g2!0n7x3g2!0q4y4g2!0n7y4#2!0m8y4g2!0q4y4g2)9^5y4g2!0n7y4#2!0q4c8W2!0n7b7#2)9^5b7#2!0q4y4g2)9&6b7#2!0m8z5q4!0q4y4g2)9^5y4g2!0n7y4W2!0q4y4q4!0n7z5q4!0m8c8q4!0q4z5q4!0n7c8W2)9&6x3q4!0q4z5q4!0m8x3g2)9^5b7#2!0q4y4#2)9&6y4#2)9^5y4g2!0q4y4W2!0m8c8W2)9&6x3W2!0q4z5g2)9&6z5q4!0n7x3W2!0q4y4W2!0m8c8q4!0m8x3W2!0q4y4W2)9^5y4q4)9&6c8W2!0q4y4W2)9&6c8W2)9&6x3#2!0q4y4g2!0m8c8g2!0n7c8W2!0q4y4q4!0n7z5q4!0n7b7W2!0q4y4q4!0n7z5q4!0n7b7W2!0q4y4W2)9&6b7#2!0n7b7g2!0q4c8W2!0n7b7#2)9&6b7R3`.`.
2.分析工具:f9cK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3u0K6j5g2)9J5k6h3W2K6L8$3k6@1N6$3q4J5k6g2)9J5k6h3&6D9i4K6u0r3i4@1g2r3i4@1u0o6i4K6S2o6i4@1f1^5i4@1q4r3i4@1p5#2i4@1f1#2i4@1t1%4i4@1p5#2i4@1f1#2i4K6R3#2i4@1t1%4i4@1f1#2i4K6V1J5i4K6S2o6i4@1f1$3i4@1t1J5i4K6V1&6i4@1f1%4i4@1q4q4i4@1t1I4i4@1f1&6i4K6R3#2i4K6S2p5i4@1f1#2i4K6V1H3i4K6R3^5i4@1f1^5i4@1u0r3i4K6V1H3i4@1f1^5i4@1p5I4i4K6S2o6i4@1g2r3i4@1u0o6i4K6S2o6i4@1f1^5i4K6R3K6i4@1u0p5i4@1f1#2i4@1t1H3i4K6R3$3i4@1f1$3i4@1t1J5i4K6V1&6i4@1f1%4i4@1q4q4i4@1t1I4i4@1f1@1i4@1t1^5i4@1q4p5i4@1f1^5i4@1u0r3i4K6V1H3i4@1f1^5i4@1p5I4i4K6S2o6i4@1f1%4i4K6W2m8i4K6R3@1i4@1f1%4i4K6V1%4i4K6R3#2i4@1f1$3i4@1q4r3i4K6V1J5i4@1f1^5i4@1p5I4i4K6S2o6i4@1f1@1i4@1t1^5i4@1u0m8i4@1f1^5i4@1q4q4i4@1t1H3i4@1f1#2i4@1u0p5i4K6V1#2i4@1g2r3i4@1u0o6i4K6S2o6i4@1f1#2i4K6S2o6i4K6R3#2i4@1f1$3i4K6S2n7i4@1q4o6i4@1f1$3i4K6R3&6i4@1p5%4i4@1f1^5i4@1p5I4i4K6S2o6i4@1f1%4i4K6W2m8i4K6R3@1b7g2m8u0i4@1g2r3i4@1u0o6i4K6S2o6i4@1f1@1i4@1u0n7i4@1p5#2i4@1f1#2i4K6S2r3i4K6S2m8i4@1f1#2i4@1q4r3i4@1t1&6i4@1f1#2i4@1q4q4i4@1u0r3i4@1f1@1i4@1t1^5i4@1u0n7i4@1f1@1i4@1t1^5i4@1u0n7i4@1f1$3i4K6W2o6i4@1u0m8i4@1f1$3i4K6V1$3i4K6R3%4i4@1f1@1i4@1u0n7i4@1t1$3i4@1f1%4i4@1t1K6i4@1u0n7i4@1f1%4i4@1u0n7i4K6W2r3i4@1f1K6i4K6R3H3i4K6R3I4i4@1f1$3i4@1t1K6i4@1p5^5i4@1f1#2i4K6R3$3i4K6S2o6i4@1f1^5i4@1p5I4i4@1p5^5i4@1f1K6i4K6R3H3i4K6R3I4i4@1f1%4i4@1u0p5i4K6V1I4i4@1f1%4i4@1u0n7i4K6W2o6i4@1f1%4i4K6W2m8i4K6R3@1i4@1f1#2i4@1u0p5i4@1t1I4i4@1f1#2i4K6V1K6i4K6S2p5i4@1g2r3i4@1u0o6i4K6S2o6i4@1f1^5i4@1u0r3i4K6V1^5i4@1f1$3i4K6W2o6i4K6R3&6i4@1f1^5i4@1p5J5i4@1q4n7i4@1f1^5i4@1q4q4i4@1p5@1i4@1f1@1i4@1t1^5i4@1u0m8i4@1f1#2i4K6S2r3i4@1q4r3i4@1f1%4i4K6V1$3i4K6V1I4i4@1f1%4i4K6W2m8i4K6R3@1i4@1f1^5i4@1p5I4i4K6S2o6i4@1f1@1i4@1t1^5i4@1u0m8i4@1f1%4i4@1q4p5i4K6R3&6i4@1g2r3i4@1u0o6i4K6W2n7
3.以上两款工具的配置应该大2中网站中有录像,非常实用。
4.关于我是如何分析病毒的,我简单说下:一般我先通过沙箱观察可疑代码的行为,找到其中的关键API,然后再通过静态分析工具如IDA等看这些API周边代码。当然,这是不完全的,比如很多恶意行为在沙箱中根本没激活,那么你就需要分析导入表中的可疑API再找相关代码了。先简单说这么多。
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
