New software from BlackHat makes reverse-engineering malware faster and easier for software engineers.<\/p>\n
Reverse-engineering of malware is an extremely time- and labour-intensive process, which can involve hours of disassembling and sometimes deconstructing a software programme. The BlackBerry Research and Intelligence team initially developed this open-source tool for internal use, and is now making it available to the malware reverse-engineering community.<\/p>\n
PE Tree is developed in Python and supports Windows, Linux and Mac operating systems. It can be installed and run as either a standalone application. Aimed at the reverse engineering community, PE Tree also integrates with HexRays IDA Pro decompiler to allow for easy navigation of PE structures, as well as dumping in-memory PE files and performing import reconstruction.<\/p>\n<\/p>\n
Image credit: Tom Bonner, Distinguished Threat Researcher, BlackBerry<\/p>\n
The cyber-security threat landscape continues to evolve and cyber-attacks are getting more sophisticated with potential to cause greater damage, said Eric Milam, Vice President of Research Operations, BlackBerry. As cyber-criminals up their game, the cyber-security community needs new tools in their arsenal to defend and protect organisations and people. Weve created this solution to help the cyber-security community in this fight, where there are now more than one billion pieces of malware with that number continuing to grow by upwards of 100 million pieces each year.<\/p>\n
PE Tree enables reverse-engineers to view Portable Executable (PE) files in a tree-view, using pefile and PyQt5, thereby lowering the bar for dumping and reconstructing malware from memory while providing an open-source PE viewer code-base that the community can build upon. The tool also integrates with Hex-Rays IDA Pro decompiler to allow for easy navigation of PE structures, as well as dumping in-memory PE files and performing import reconstruction which are critical in the fight to identify and stop various strains of malware.<\/p>\n
To learn more and to access the PE Tree source code, please visit theBlackBerry GitHub account.<\/p>\n
To read more, please visit the blog post here.<\/p>\n
by Tom Bonner, Distinguished Threat Researcher, BlackBerry<\/p>\n
<\/p>\n
Read the rest here: <\/p>\n