At CrowdStrike, we’ve seen a moderate increase in Java-based malware recently, with Remote Access Tools (RATs) like Adwind becoming increasingly prevalent. Reverse engineering Java is typically very straightforward, since excellent Java binary decompilers have existed for years. Tools like JD-GUI make Java analysis a breeze and do an excellent job at recovering Java binaries’ source code (minus the comments). In cases where we need to dynamically debug Java programs, decompiled Java can be exported from the decompiler and then imported into a Java IDE like Eclipse as part of a new Java project. This allows us to build a project using the decompiled code and then dynamically debug it through the IDE. However, this all goes out the window when dealing with Java bytecode-based obfuscation, as most Java IDEs won’t compile raw JVM instructions, nor allow you to step through these instructions without the original source code. The best solution we’ve found for debugging malware’s native Java bytecode is Dr.