Analyzing Malicious Code - Disassembly with a time constraint
One of the most common examples of reverse engineering is malicious code analysis. To clean up after a piece of malicious code and prevent further infection by it, the code must be analyzed. Such analysis is often used for generating IDS signatures, determining the exploits used (and hence which patches would be required), and writing detection modules for antivirus software. Usually, this must be done in as little time as possible.
This presentation will cover two examples of popular Windows malicious code. This will include how to unpack or decrypt it, using IDA Pro to disassemble it, and finding the most important pieces first. The speaker will demonstrate which steps to perform first, in order to perform the quickest analysis. Some knowledge of Intel assembly and Windows programming will be of benefit to attendees, but is not required. The presentation will feature a special guest to discuss packers and cryptors.
CodeBreakers Journal ISSN 1864-7049

