Running Shell Code for Analysis

Today, I want to share a simple malware-analysis tutorial on running shellcode in a simulated environment.

When you reach the stage of analysis where you need to know what the shellcode does during exploitation, you have to run a few procedures and tools to get the job done.

First we need to extract the shellcode and convert it into a binary that can be executed. Take the encoded shellcode below as an example.


We can convert the encoded shellcode into a binary with the command below. Copy the shellcode above into a text file named "shellcode.txt":

python -e pu shellcode.txt -s 1 -d > rio.bin
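The conversion step above depends on a specific tool; as an added example that is not part of the original post, the script below does the same job in plain Python for the common case where the extracted shellcode is stored as %uXXXX / %XX escape sequences (the JavaScript unescape() style). That encoding is an assumption, since the post's sample shellcode is an image; the sample input and the output filename rio.bin are constructed to mirror the post. After decoding it also lists printable strings in the binary, which often reveals the download URL before any emulation is run.

```python
import re
import struct
import sys

# Matches either a %uXXXX escape (one 16-bit code unit, emitted little-endian
# as JavaScript unescape() lays it out on x86) or a single-byte %XX escape.
ESCAPE_RE = re.compile(r"%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})")

# Characters that may legitimately appear between escape chunks when the
# shellcode was pasted straight out of an exploit script ("..." + "...").
LAYOUT_NOISE = set("+\"';")


def decode_escaped_shellcode(text: str) -> bytes:
    """Turn %uXXXX / %XX escaped text into raw shellcode bytes.

    Raises ValueError if anything other than quoting/concatenation noise sits
    between the escapes, so a partially pasted blob is not silently truncated.
    """
    out = bytearray()
    pos = 0
    for m in ESCAPE_RE.finditer(text):
        gap = "".join(text[pos:m.start()].split())  # drop whitespace/newlines
        if gap and not set(gap) <= LAYOUT_NOISE:
            raise ValueError(f"unexpected text {gap!r} at offset {pos}")
        if m.group(1) is not None:
            out += struct.pack("<H", int(m.group(1), 16))  # low byte first
        else:
            out.append(int(m.group(2), 16))
        pos = m.end()
    tail = "".join(text[pos:].split())
    if tail and not set(tail) <= LAYOUT_NOISE:
        raise ValueError(f"trailing text {tail!r} after last escape")
    return bytes(out)


def find_ascii_strings(data: bytes, min_len: int = 4) -> list:
    """Return runs of printable ASCII of at least min_len bytes (cheap URL hunt)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def convert_file(in_path: str, out_path: str) -> bytes:
    """Read escaped shellcode from in_path, write raw bytes to out_path."""
    with open(in_path, "r", encoding="utf-8", errors="replace") as fh:
        data = decode_escaped_shellcode(fh.read())
    with open(out_path, "wb") as fh:
        fh.write(data)
    return data


# Constructed sample: two NOPs followed by 'AAAA', in the exploit-script layout.
SAMPLE_TEXT = '"%u9090" +\n"%u4141%41%41"'

if __name__ == "__main__":
    # Usage: python decode_shellcode.py shellcode.txt rio.bin
    src = sys.argv[1] if len(sys.argv) > 1 else None
    dst = sys.argv[2] if len(sys.argv) > 2 else "rio.bin"
    raw = convert_file(src, dst) if src else decode_escaped_shellcode(SAMPLE_TEXT)
    print(f"{len(raw)} bytes decoded")
    for s in find_ascii_strings(raw):
        print("string:", s)
```

The resulting rio.bin is what you would hand to the emulator in the next step; the strings listing is only a first hint, since shellcode frequently builds its URL at run time rather than storing it in the clear.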

To execute the shellcode that has been converted into a binary, we can use a tool called scdebug to simulate it and monitor the API calls it makes.

From the output shown in the image above we can see that the shellcode we just executed makes calls to download a malicious file. As malware analysts, this lets us understand the attacker's intention clearly.
