[Dailydave] VPC

Jared DeMott demottja at msu.edu
Sun Feb 24 13:43:28 EST 2008


J.M. Seitz wrote:
> Hey since everyone is having such a lively debate, and we all seem like
> we wanna help, why not contribute? BoB (from PEid glory) and myself have
> started a Malware and Unpacking Framework for ImmunityDebugger (MUFFI)
> to help automate malware analysis tasks.
>
> Some things that are in there so far:
>
> - lots of anti-anti debugging routines
> - VMWare cloaking
> - ummm...some other stuff
>
> It's all done in Python and uses the native ImmDbg libraries to do its
> business. We never really "released" it but we are always looking for
> people to contribute to the source tree. If a piece of malware is using
> a specific mechanism to do VM/sandbox detection, then write the reverse
> and send us a patch!
>
> http://muffi.googlecode.com/
>
> JS
Awesome as always, JS. :) One slight thing that can sometimes be an
issue: 1st responders can only spend so much time down in the weeds.
Check out Steve's work:
> http://code.google.com/p/rapier/
>
> Freeware information gathering tool
>   

