Under the Hood of Wslink Multilayered Virtual Machine
Offered By: Recon Conference via YouTube
Course Description
Overview
Dive into a 35-minute conference talk from Recon 2022 that explores the intricate workings of Wslink, a sophisticated loader associated with the Lazarus group. Uncover the advanced virtual machine obfuscator protecting Wslink samples and learn about the multiple layers of obfuscation techniques employed, including junk code insertion, virtual operand encoding, and nested VMs. Follow along as the speaker, Vladislav Hrčka, an experienced malware analyst from ESET, presents a semiautomatic approach to deobfuscating the VM's internals. Gain insights into the symbolic execution method used to extract virtual opcode semantics and understand how treating certain VM constructs as concrete values enables automatic handling of additional obfuscation techniques. Compare the deobfuscation results against non-obfuscated samples to validate the effectiveness of this approach in reverse engineering challenging malware.
Syllabus
Recon 2022 - Under the hood of Wslink multilayered virtual machine
Taught by
Recon Conference
Related Courses
Malicious Software and its Underground Economy: Two Sides to Every StoryUniversity of London International Programmes via Coursera Palo Alto Networks Cybersecurity Essentials II
Palo Alto Networks via Coursera Introducción al Análisis del Malware en Windows
National Technological University – Buenos Aires Regional Faculty via Miríadax Android Malware Analysis - From Zero to Hero
Udemy How to Create and Embed Malware (2-in-1 Course)
Udemy