Post Fri Apr 05, 2013 12:42 am

Binary Auditor - PE format rebuilding exercise solution

Hi everyone, I am new to this forum, I would like to start by providing a link to Binary Auditor's PE format rebuilding exercise.

Excercise Link : www.binary-auditing.com

Solution Link : http://resources.infosecinstitute.com/hex-editor/

The provided file is a split PE that has to be recombined after generating headers for it as well. Further the only tool used is a generic hex editor with additional features like byte histogram/entropy/opcode visualization etc may be used as extra features as and when needed. The goal is to keep it simple and quick.

I think the exercise is quite simple enough for beginners to intermediate in malware analysis as pe rebuilding is quite a common activity post unpacking in many packed malwares.

I hope you find it useful :)