mirror of https://github.com/nganhkhoa/malware.git synced 2024-06-10 21:32:07 +07:00

Update malware-analysis_ref_and_memo.md

This commit is contained in:
mether049 2020-03-20 15:06:13 +09:00 committed by GitHub
parent f53670e333
commit fb47c0a89d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -223,6 +223,7 @@ DFIR,マルウェア解析OSINTに特化したUbuntuベースのディスト
- [010 Editorに組み込むことも可能](https://www.sweetscape.com/010editor/repository/scripts/file_info.php?file=RateStrings.1sc&type=1&sort=) - [010 Editorに組み込むことも可能](https://www.sweetscape.com/010editor/repository/scripts/file_info.php?file=RateStrings.1sc&type=1&sort=)
- ref: - ref:
- [Learning to Rank Strings Output for Speedier Malware Analysis](https://www.fireeye.com/blog/threat-research/2019/05/learning-to-rank-strings-output-for-speedier-malware-analysis.html) - [Learning to Rank Strings Output for Speedier Malware Analysis](https://www.fireeye.com/blog/threat-research/2019/05/learning-to-rank-strings-output-for-speedier-malware-analysis.html)
- **exiftool**
- **wql** - **wql**
- wqlで子プロセスの検索 - wqlで子プロセスの検索
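Review bot: the new `- **exiftool**` entry in this hunk has neither the description sub-bullet nor the link that the neighbouring tool entries carry (the RateStrings entry above it has a link plus a "ref:" list, and the wql entry below it has a "子プロセスの検索" sub-bullet), so the reader is left to guess why exiftool belongs in this section. Consider adding a one-line sub-bullet stating what it is used for here (e.g. dumping file metadata/version info during triage) and a link to the tool's homepage, matching the format of the sibling entries.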
@ -388,6 +389,7 @@ Injecition/Hollowingされたプロセスの自動検出<br>
### lnk file ### lnk file
- **[LnkParse](https://pypi.org/project/LnkParse3/)** - **[LnkParse](https://pypi.org/project/LnkParse3/)**
- .lnkファイルのパーサ - .lnkファイルのパーサ
- exiftoolでもパース可能
- [[MS-SHLLINK]: Shell Link (.LNK) Binary File Format](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-shllink/16cb4ca1-9339-4d0c-a68d-bf1d6cc0f943?redirectedfrom=MSDN) - [[MS-SHLLINK]: Shell Link (.LNK) Binary File Format](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-shllink/16cb4ca1-9339-4d0c-a68d-bf1d6cc0f943?redirectedfrom=MSDN)
- .lnkファイルのバイナリフォーマット - .lnkファイルのバイナリフォーマット
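Review bot: the added line `- exiftoolでもパース可能` is nested under the LnkParse entry, so it reads as a property of LnkParse rather than as a note about a second tool; in the surrounding list each tool has its own bold top-level bullet with its description indented beneath it. Consider either promoting it to a separate `- **exiftool**` bullet with the "can also parse .lnk" note as its sub-bullet, or rewording it so that it is clearly an alternative to LnkParse, and adding a link as the other entries in this section do.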