SBN

OllyDbg

Introduction 

OllyDbg is a 32-bit debugging tool used to analyze binary code. Its popularity is tied to the fact that people can do so despite not having access to the source code. OllyDbg can be used to evaluate and debug malware. OllyDbg is a popular debugger due to its ease of use and being freeware.

Malware analysis 

OllyDbg is useful in analyzing malware. If you plan to analyze malware on your own, you want to ensure you have your environment setup to protect yourself and your assets. This should be done in a closed environment within a virtual machine. Using a virtual machine is not enough. Do some research on best ways to isolate your environment. Avoid using bridged mode, as it leaves your network exposed.

OllyDbg is meant to run on a Windows platform. If you are creating a virtual environment using Kali Linux instead of Windows, you will need to use Wine to run OllyDbg. This is important to note, as many researchers prefer using Kali Linux for analysis. 

It’s important to note that if using a dissembler, it is expected the user have knowledge of the assembly language. It will help tremendously in the evaluation of the code.

Debugging

Evaluating malware normally involves using multiple tools. OllyDbg is just a debugger, so before you begin, you may want to determine all the information you want to retrieve from the code. Other tools like Wireshark, PE editor, IDA Pro and more may come in handy.

If you perform static analysis of malware code, the code is not actually executed. A dynamic analysis is an observation of the live code and gives a deeper picture of the functionality of the malware.

In order to perform a true dynamic analysis, you may want to allow your host to get (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Tyra Appleby. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/sLFBFjjo69k/