Malware Loader Reverse Engineering with IDA Pro (Stream - 06/05/2025)
Author: Invoke RE
Uploaded: 2025-05-18
Views: 1252
In this stream we reverse engineered a malware loader with IDA Pro, including its anti-analysis, persistence, COM UAC Bypass, command-line spoofing, C2, process injection, and TCP proxy functionality.
Learn how to reverse engineer malware: https://training.invokere.com/course/...
Notes: https://github.com/Invoke-RE/stream-n...
Twitch: invokereversing
Twitter: invokereversing
Mastodon: https://infosec.exchange/@invokerever...
Intro and Background 00:00
Anti-Language Check 02:45
Anti-VM and Anti-Analysis 04:30
Sandbox File Anti-Analysis 10:09
Username Anti-Analysis 23:40
More File Anti-Analysis 25:16
Loader Functionality 27:11
Persistence JavaScript and MS Defender Exclusion 36:08
Command Line Spoofing 37:22
COM UAC Bypass 46:51
Answering Questions 52:17
Reversing Continued 58:33
C2 Functionality 01:01:01
Loader Functionality 01:07:00
Process Injection Functionality 01:24:45
Cleanup Functionality 01:34:10
TCP Proxy Functionality 01:34:53