all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Ghidra reverse engineering malware filled with empty space.

Add to bookmarks
Nov. 14, 2023, 12:19 a.m. | /u/mattbann

Malware Analysis & Reports www.reddit.com

I have been reverse engineering a piece of malware that attacked a friend of mine. Its a single executable around 70MB and upon loading it up I noticed that the majority of it is zero'ed out memory.
In a section called .ndata 60% of the program is interpreted like this:

0047b002 ?? ??

Which I'm assuming is either some unknown data type or the creators attempt of giving the executable enough size so that someone doesn't suspect the file size …

called engineering ghidra malware memory piece program reverse reverse engineering single space

Visit resource

More from www.reddit.com / Malware Analysis & Reports

Phising opensea 5 days, 11 hours ago | www.reddit.com
mail malware opensea phishing +1
Understanding How CVEProject/cvelistV5 Works 1 week ago | www.reddit.com
api cve cves etc +18
[Video] Triaging Files on VirusTotal 1 week, 5 days ago | www.reddit.com
files malware video virustotal
Need recommendations for Premium Tools 1 week, 5 days ago | www.reddit.com
analysis atm budget can +12
Are hidden incoming SMS common for C&C? 2 weeks ago | www.reddit.com
account android android malware carrier +12
Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters 2 weeks, 1 day ago | www.reddit.com
attackers clusters critical exploiting +5
A Powerful tracing engine based on Qemu 2 weeks, 5 days ago | www.reddit.com
binary called can case +20
[Fixed] Coding The Rat King: A Multi-Family Malware Configuration Parser 2 weeks, 6 days ago | www.reddit.com
code coding configuration family +5
Dynamic Malware Analysis of Konni RAT Malware APT37 With Any.Run 3 weeks, 5 days ago | www.reddit.com
advanced amp analysis any.run +22

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

DevSecOps Engineer

@ LinQuest | Beavercreek, Ohio, United States
View on infosec-jobs.com

Senior Developer, Vulnerability Collections (Contractor)

@ SecurityScorecard | Remote (Turkey or Latin America)
View on infosec-jobs.com

Cyber Security Intern 03416 NWSOL

@ North Wind Group | RICHLAND, WA
View on infosec-jobs.com

Senior Cybersecurity Process Engineer

@ Peraton | Fort Meade, MD, United States
View on infosec-jobs.com

Sr. Manager, Cybersecurity and Info Security

@ AESC | Smyrna, TN 37167, Smyrna, TN, US | Santa Clara, CA 95054, Santa Clara, CA, US | Florence, SC 29501, Florence, SC, US | Bowling Green, KY 42101, Bowling Green, KY, US
View on infosec-jobs.com
View more jobs