Under the Hood of Wslink Multilayered Virtual Machine

Recon Conference via YouTube

Overview

Dive into a 35-minute conference talk from Recon 2022 that explores the intricate workings of Wslink, a sophisticated loader associated with the Lazarus group. Uncover the advanced virtual machine obfuscator protecting Wslink samples and learn about the multiple layers of obfuscation techniques employed, including junk code insertion, virtual operand encoding, and nested VMs. Follow along as the speaker, Vladislav Hrčka, an experienced malware analyst from ESET, presents a semiautomatic approach to deobfuscating the VM's internals. Gain insights into the symbolic execution method used to extract virtual opcode semantics and understand how treating certain VM constructs as concrete values enables automatic handling of additional obfuscation techniques. Compare the deobfuscation results against non-obfuscated samples to validate the effectiveness of this approach in reverse engineering challenging malware.

Syllabus

Recon 2022 - Under the hood of Wslink multilayered virtual machine

Taught by

Recon Conference
