fox-it/reasm
reasm

Extract algorithms from 32-bit Windows malware and recompile them on Linux, so that data can be decrypted with the malware's own algorithms.

Some of the algorithms in malware are complex to reimplement in Python or another language, and the authors keep changing the implementation. So why not execute their decryption logic directly instead of reimplementing it in another language?

This is useful for decrypting and encrypting data, decompressing, and so on.

This tool extracts the function's assembly and prepares it to be assembled with nasm; it also generates the asm and C files needed to call the algorithm.

Powered by Radare.

Usage

python3 reasm.py [binary name] [function name] [start address] [end address]

example:
    ./reasm.py malware_dump.bin decrypt 0x04f6bb50 0x04f6bc76
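The core of the preparation step described above, shown here as an added example that is not reasm's own code: take a radare2 "pd" listing of the address range given on the command line, drop the address and opcode-byte columns, turn in-range jump targets into local labels, and wrap the result in a nasm module that exports the function under the requested name. The listing is a constructed stand-in written for this example, and the helper name to_nasm is hypothetical.

```python
import re

# Constructed radare2 "pd" style listing of a small 32-bit routine; it is a
# stand-in written for this example, not code taken from any real sample.
# Columns: address, opcode bytes, instruction (Intel syntax as r2 prints it).
R2_LISTING = """\
0x04f6bb50      55             push ebp
0x04f6bb51      8bec           mov ebp, esp
0x04f6bb53      8b4d08         mov ecx, dword [ebp + 8]
0x04f6bb56      8b550c         mov edx, dword [ebp + 0xc]
0x04f6bb59      85d2           test edx, edx
0x04f6bb5b      7407           je 0x4f6bb64
0x04f6bb5d      803137         xor byte [ecx], 0x37
0x04f6bb60      41             inc ecx
0x04f6bb61      4a             dec edx
0x04f6bb62      75f9           jne 0x4f6bb5d
0x04f6bb64      5d             pop ebp
0x04f6bb65      c3             ret
"""

LINE_RE = re.compile(r"^\s*(0x[0-9a-f]+)\s+[0-9a-f]+\s+(.+?)\s*$", re.I)
HEX_RE = re.compile(r"\b0x[0-9a-f]+\b", re.I)


def to_nasm(listing, name, start, end):
    """Rewrite the r2 listing of [start, end] into a nasm module exporting
    `name` (hypothetical helper). Jump targets inside the range become local
    labels; other hex values (immediates, stack offsets, addresses outside
    the function) are left as-is for the analyst to resolve by hand."""
    insns = []
    for line in listing.splitlines():
        m = LINE_RE.match(line)
        if m and start <= int(m.group(1), 16) <= end:
            insns.append((int(m.group(1), 16), m.group(2)))
    known = {addr for addr, _ in insns}
    # Only addresses that are both referenced and inside the range get labels.
    targets = {int(h, 16) for _, text in insns for h in HEX_RE.findall(text)}
    targets &= known

    def relabel(m):
        value = int(m.group(0), 16)
        return f"loc_{value:08x}" if value in targets else m.group(0)

    out = ["BITS 32", "section .text", f"global {name}", f"{name}:"]
    for addr, text in insns:
        if addr in targets:
            out.append(f"loc_{addr:08x}:")
        out.append("    " + HEX_RE.sub(relabel, text))
    return "\n".join(out) + "\n"
```

The emitted module can be assembled with `nasm -f elf32` and linked against a 32-bit C driver that declares the function and passes it the buffer to transform.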

Pics

For example, formbook uses standard algorithms, but modified:

[image: rc4 modified]
[image: b64]
[image: main encrypted]

The Makefile: [image: makefile]
