Malware Journey Day 20
Credit where credit is due. Thanks, OALabs!
Delphi Binary
DanaLoader: 2a3acdcd76575762b18c18c644a745125f55ce121f742d2aad962521bc7f25fd
core: 77ff83cc49d6c1b71c474a17eeaefad0f0a71df0a938190bf9a9a7e22531c292
sample: 7417ee2722871b2c667174acc43dd3e79fcdd41bef9a48209eeae0ed43179e1f
I tried using malwoverview.py to create a BAZAAR report, but it failed to find the hash.
Time to use IDR
IDR extracts symbols such as function names, but only from Delphi executables. Without this, reversing library code in IDA is miserable.
In IDR I create a map and script file
Unfortunately, I learned the hard way that my IDA Free version doesn't support this. There goes 2 hours of debugging. Haha. This blog is sort of a failure due to lots of googling and meeting a dead-end paywall.