
Learning Malware Analysis by Monnappa K A


2.1 Identifying Crypto Signatures Using Signsrch

A useful tool for finding cryptographic signatures in a file or process is Signsrch, which can be downloaded from http://aluigi.altervista.org/mytoolz.htm. It detects encryption algorithms by matching known cryptographic signatures, which are stored in a text file, signsrch.sig. In the following output, signsrch is run with the -e option, which displays the relative virtual addresses where the DES signatures were detected in the binary:

C:\signsrch>signsrch.exe -e kav.exe
Signsrch 0.2.4
by Luigi Auriemma
e-mail: aluigi@autistici.org
web: aluigi.org
  optimized search function by Andrew http://www.team5150.com/~andrew/
  disassembler engine by Oleh Yuschuk
- open file ...
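To show what signature-based detection of this kind involves, here is an added example (not code from the book or from Signsrch) that scans a byte buffer for a few well-known public crypto constants. The table set, the layout names, and the sample buffer are constructed for illustration; it reports raw offsets rather than relative virtual addresses, and it assumes a table may be stored either as bytes or as 32-bit words in either byte order.

```python
import struct

# Well-known public constants (not the contents or format of signsrch.sig).
TABLES = {
    "DES S-box 1, row 0": (14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7),
    "AES S-box, first 16 entries": tuple(bytes.fromhex("637c777bf26b6fc53001672bfed7ab76")),
    "MD5 initial state": (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476),
}

# struct codes for each element width / byte order a table may be stored in.
LAYOUTS = {"8-bit": "B", "32-bit LE": "<I", "32-bit BE": ">I"}


def patterns(values):
    """Yield (layout_name, byte_pattern) for every layout that can hold values."""
    for name, code in LAYOUTS.items():
        if code == "B" and max(values) > 0xFF:
            continue  # 32-bit constants do not fit a byte table
        yield name, b"".join(struct.pack(code, v) for v in values)


def scan(data):
    """Return sorted (offset, table_name, layout) hits for all known tables."""
    hits = []
    for table, values in TABLES.items():
        for layout, pat in patterns(values):
            pos = data.find(pat)
            while pos != -1:
                hits.append((pos, table, layout))
                pos = data.find(pat, pos + 1)
    return sorted(hits)


def build_sample():
    """Constructed buffer standing in for a binary: padding plus two tables."""
    des = b"".join(struct.pack("<I", v) for v in TABLES["DES S-box 1, row 0"])
    md5 = b"".join(struct.pack("<I", v) for v in TABLES["MD5 initial state"])
    return b"\x90" * 0x40 + des + b"\x00" * 0x20 + md5 + b"\xcc" * 8


if __name__ == "__main__":
    for offset, table, layout in scan(build_sample()):
        print(f"{offset:08x}  {table}  [{layout}]")
```

A hit only shows that the constants are present in the data; whether the code actually uses them for encryption still has to be confirmed by examining the references to that address in a disassembler.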
