No announcement yet.

Reverse Engineering: An In-Depth Analysis of the Bagle Virus

  • Filter
  • Time
  • Show
Clear All
new posts

  • Reverse Engineering: An In-Depth Analysis of the Bagle Virus

    The paper is available here:

    The goal of this paper is to try to answer the following three questions:

    1. How do you reverse engineer a virus?
    2. Can reverse engineering a virus lead to better ways of detecting, preventing, and recovering from a virus and its future variants?
    3. Can reverse engineering be done more efficiently?

    The paper is organized into five sections and two appendixes. Section 1 is the introduction. Section 2 reviews basic x86 concepts, including registers, assembly, runtime data structures, and the stack. Section 3 gives a brief introduction to viruses, their history, and their types. Section 4 delves into the Beagle virus disassembly, including describing the techniques and resources used in this process as well as presenting a high level functional flow of the virus. Section 5 presents the conclusions of this research. Appendix A provides a detailed disassembly of the Beagle virus, while Appendix B presents the derived source code of the Beagle virus, as a result of this research.

    The paper is available here:

    Please comment on it! I appreciate all feedback.

    Konstantin Rozinov

  • #2
    I quickly looked through your analysis and I find it interresting. One day I have more time I will read the whole thing.. I know some assembly, but many don't, so it's nice for the beginners that you have written some of the basics of assembly. I don't know very much about viruses but I know the basics, so I'll look forward to the day I have time to read it and gain more in-depth knowledge about how viruses work.
    -- dev_zero@