Things to prepare
The file we are about to analyze can be downloaded from https://github.com/PacktPublishing/Mastering-Reverse-Engineering/blob/master/ch12/whatami.zip. It is a password-protected zip file and the password is "infected", without the quotes.
We need to prepare our Windows lab setup. The analysis discussed in this chapter runs the program in a VirtualBox guest running a Windows 10 32-bit operating system. The following tools also need to be prepared:
- IDA Pro 32-bit: A copy of the free version can be downloaded from https://github.com/PacktPublishing/Mastering-Reverse-Engineering/blob/master/tools/Disassembler%20Tools/32-bit%20idafree50.exe.
- x64dbg: The latest version can be downloaded from https://x64dbg.com. A copy of an older version is available at https://github.com/PacktPublishing/Mastering-Reverse-Engineering/blob/master/tools/Debuggers/x64dbg%20-%20snapshot_2018-04-05_00-33.zip.
- Fakenet: The official version can be downloaded at https://github.com/fireeye/flare...