Firetalk #3: Stack Cleaning — A Quest in Hunting for FLIRT presented at shmoocon 2018

by Jon Erickson,

Summary : While reverse engineering, an annoying malware sample broke my Hex-Ray’s decompiler – the “cheat code” of IDA Pro. In this talk, I’ll walk you through my exploration of the bug that causes HexRays to fail, hunting for the malware’s source, and finding the exact source code and compiler which was used to create the sample. I’ll wrap up by showing techniques that you can use make analysis of future malware samples like this one easier.