How to Create F.L.I.R.T Signature Using Yara Rules for Static Analysis of ELF Malware
Malware Analysis, News and Indicators - Latest topics malware.news
ELF malware has been observed to remove symbol information during its build. This creates extra work in malware analysis, because the function names are unknown and each one has to be identified. In addition, in the analysis tool IDA, existing F.L.I.R.T signatures [1] (hereafter abbreviated as FLIRT signatures in this article) are often not applicable to ELF malware functions, which makes analysis difficult when the right signatures are not found.
This blog article describes how to identify function names using Yara rules. It …