Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/d00rt/easy_way_nymaim
An IDA Pro script for creating a clearer idb for nymaim malware
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/d00rt/easy_way_nymaim
- Owner: d00rt
- Created: 2018-04-23T14:31:54.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2018-04-24T08:26:37.000Z (over 6 years ago)
- Last Synced: 2024-02-11T15:11:05.051Z (9 months ago)
- Language: Python
- Size: 15.6 MB
- Stars: 10
- Watchers: 0
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Easy Way Nymaim
An IDA Pro script for creating a clearer IDB for Nymaim malware.

To obfuscate its code, Nymaim uses a technique I have called "Unreferenced Call" (I don't know if there is another, more precise name). To do this, it has some functions (115 in almost every sample I have tested) that receive two parameters. Each of these functions then performs a mathematical operation on both arguments, and the result is the address of the function to be executed.

The IDAPython script I wrote calculates the result of the operation inside each "Unreferenced Call" and adds a comment with the address the function would jump to. This way, reversing and debugging the binary becomes much easier.
# Usage/Demo
![Demo](https://raw.githubusercontent.com/d00rt/easy_way_nymaim/master/demo.gif)