Dedicated to my thoughts while learning cybersec
11/18/2020

If you want to figure out how a program works, you need to take it apart. That's where Ghidra comes into play.
Ghidra is a software reverse engineering suite developed by the NSA's Research Directorate in support of its cybersecurity mission. It includes a set of analysis tools that let researchers analyze compiled code, and it runs on Windows, macOS, and Linux. Its tools cover disassembly, assembly, decompilation, graphing, and scripting. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run both interactively and in an automated (headless) mode. It is highly customizable: scripts and plug-ins can be written in Java or Python. Ghidra is open source and can be found on GitHub.
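To make the scripting part concrete, here is an added example of a Ghidra script (my own illustration, not code from the original post or from the Ghidra project). It walks every function in the loaded program, picks out the ones whose names match a hypothetical list of risky libc routines, and prints each call site that references them. It assumes the program has already been analyzed inside Ghidra; the script name `FindRiskyCalls` and the list of function names are assumptions for the example.

```java
// FindRiskyCalls.java
// Added example, not from the original post or the Ghidra project.
// Assumes: run inside Ghidra (Script Manager or analyzeHeadless) on an
// already-analyzed program. The RISKY name list is a hypothetical choice.
import ghidra.app.script.GhidraScript;
import ghidra.program.model.address.Address;
import ghidra.program.model.listing.Function;
import ghidra.program.model.listing.FunctionManager;
import ghidra.program.model.symbol.Reference;
import ghidra.program.model.symbol.ReferenceManager;

import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

public class FindRiskyCalls extends GhidraScript {

    // libc routines that are frequent sources of memory-safety or
    // command-injection bugs; adjust to taste (hypothetical list).
    private static final Set<String> RISKY = new HashSet<>(Arrays.asList(
            "strcpy", "strcat", "sprintf", "gets", "system", "popen"));

    @Override
    public void run() throws Exception {
        FunctionManager fm = currentProgram.getFunctionManager();
        ReferenceManager rm = currentProgram.getReferenceManager();
        int hits = 0;

        // getFunctions(true) iterates every non-external function in address
        // order. Imported libc routines appear here as thunks (e.g. PLT stubs)
        // carrying the imported name, so a name match is enough for a first pass.
        for (Function target : fm.getFunctions(true)) {
            monitor.checkCanceled();            // lets the user abort a long run
            if (!RISKY.contains(target.getName())) {
                continue;
            }
            Address entry = target.getEntryPoint();
            // Every reference whose destination is the thunk's entry point;
            // keep only call-type references, not data refs or pointer loads.
            for (Reference ref : rm.getReferencesTo(entry)) {
                if (!ref.getReferenceType().isCall()) {
                    continue;
                }
                Address from = ref.getFromAddress();
                Function caller = fm.getFunctionContaining(from);
                String callerName = (caller == null) ? "<no function>" : caller.getName();
                println(String.format("%s calls %s at %s",
                        callerName, target.getName(), from));
                hits++;
            }
        }
        println("Total risky call sites: " + hits);
    }
}
```

Drop the file into a directory on Ghidra's script path and run it from the Script Manager, or drive it from the headless analyzer for the automated mode mentioned above, for instance `support/analyzeHeadless /tmp/proj demo -import ./sample.bin -scriptPath ./scripts -postScript FindRiskyCalls.java` (project directory, project name, and binary path are placeholders). The output is a starting worklist: each caller is somewhere the decompiler view is worth a closer look.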

The goal of PeStudio is to spot suspicious artifacts within executable files in order to ease and accelerate initial malware assessment; it is used by Computer Emergency Response Teams and labs worldwide. PeStudio is a powerful tool for static surface analysis of a file, that is, inspecting headers, imports, strings, and similar metadata without ever executing it. While the free version of PeStudio has some nice features, the licensed (pro) version comes with a much larger assortment of tools that more than make up for the cost of the application in time saved.