How to Dynamic Malware Imports using IDA and x32dbg?

Foxie · January 3, 2023, 10:29pm

How to Reverse Engineer Dynamic Malware Imports using a debugger like x32dbg or Ollydbg? And IDA PRO?

I want to dump process injection malware using a debugger trick using a breakpoint on write process memory. But I can’t find any injection-related function like WriteProcessMemory at all… I suspect the reason is the malware is dynamically importing at run time.

How to solve these Issues?

Numlyme · July 10, 2024, 6:58pm

If you suspect the malware is dynamically importing functions at runtime, it could be evading detection by traditional breakpoints.

Luiscongo1 · July 10, 2024, 7:00pm

Start by setting breakpoints on API calls to track their flow. Dive deep into the code, analyze memory dumps, and watch out for any unusual behavior.