nganhkhoa/mether049-malware
1
0
Fork 0
mirror of https://github.com/nganhkhoa/malware.git synced 2024-06-10 21:32:07 +07:00
Code Issues Projects Releases Wiki Activity

Update malware-analysis_ref_and_memo.md

Browse Source
This commit is contained in:
mether049 2020-03-20 15:06:13 +09:00 committed by GitHub
parent f53670e333
commit fb47c0a89d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
malware-analysis_ref_and_memo.md
View File

@ -223,6 +223,7 @@ DFIR,マルウェア解析OSINTに特化したUbuntuベースのディスト
- [010 Editorに組み込むことも可能](https://www.sweetscape.com/010editor/repository/scripts/file_info.php?file=RateStrings.1sc&type=1&sort=)
- ref:
- [Learning to Rank Strings Output for Speedier Malware Analysis](https://www.fireeye.com/blog/threat-research/2019/05/learning-to-rank-strings-output-for-speedier-malware-analysis.html)
- **exiftool**
- **wql**
- wqlで子プロセスの検索
@ -388,6 +389,7 @@ Injecition/Hollowingされたプロセスの自動検出<br>
### lnk file
- **[LnkParse](https://pypi.org/project/LnkParse3/)**
- .lnkファイルのパーサ
- exiftoolでもパース可能
- [[MS-SHLLINK]: Shell Link (.LNK) Binary File Format](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-shllink/16cb4ca1-9339-4d0c-a68d-bf1d6cc0f943?redirectedfrom=MSDN)
- .lnkファイルのバイナリフォーマット