Welcome to the new platform of Programmer's Heaven! We apologize for the inconvenience caused, if you visited us from a broken link of the previous version. The main reason to move to a new platform is to provide more effective and collaborative experience to you all. Please feel free to experience the new platform and use its exciting features. Contact us for any issue that you need to get clarified. We are more than happy to help you.
help with 16-bit Malware analysis! FBI moneypak
I am a student going for my BS in Network Engineering, and recently at my job I have been getting into Malware Analysis. Last week I managed to obtain a sample of the recent FBI moneypak virus that has been going around. It was in an .exe format so I figured it would be simply to run it through PEview to see whats up and then a debugger like Ollydbg to look under the hood.
Unfortunately the .exe is a 16-bit DOS executable. I think. When I first opened it with PEview, it only displayed the message "This program cannot be run in DOS mode". So I thought that it must be a packed 32-bit app somehow. But then I tried to run it through Ollydbg and after about 20 minutes I realized I was looking at NTVDM.exe and something called kernalba ( I think its actually kernalbase but for some reason ollydbg only showed kernalba), not the actual program.
Then I tried a short dynamic analysis to see what ran, and sure enough NTVDM.exe ran. I didn't see anything else so I wiped the computer and started over.
So now that I know I have a 16-bit DOS exe that I need to debug and I am looking for a debugger program. I heard that the IDA trial won't let me debug 16-bit and I have no clue what command I use to load this file into GRDB or even debug.exe
Do any of you guys know of a place that has GRDB or debug.exe tutorials? Or of a GUI 16-bit debugger?
0 · ·