Binary Files Analysis

Previously, Jeff Genari discussed the structure of analysis and analysis of binary data Pharos to support reverse design of binary files with an emphasis on the analysis of malicious code. He updated our infrastructure in Github to include many new tools, improvements and bug fixes. In this post, he will focus on the changes associated with specific tools.

Another new item in this release is the PyObjDigger plugin for the IDA Pro Disassembler that is included the tools/objdigger/ida directory in the repo. This plugin allows analysts to ingest, view, and modify ObjDigger results directly into IDA Pro. And also a completely new tool included in this release is CallAnalyzer. These tools record common events, such as accessing files, opening network connections, updating registry keys, and starting new processes-any of which can be an indicator of malicious activity, but there are several notable restrictions. CallAnalyzer eliminates many of these limitations.

Jeff described only the surface of what is included in the structure of the static analysis of Pharos. We hope this information will be useful to you.

More.