Discover more from Malcore’s Blog
Ghidra Dynamic Emulation Plugin
Malcore now supports Ghidra as we enable you to perform dynamic analysis within Ghidra without the need for a sandbox.
What does this do?
Ghidra is a reverse engineering framework developed by the NSA and released to the public. It allows users to create custom plugins and implement them into Ghidra for use. This plugin allows users a quick and efficient way to perform dynamic analysis while performing reverse engineering. It will provide you with Windows API call information, the arguments passed to the API function, and the return value of the call. It will also provide you with a post analysis report that will give an amount of potentially suspicious calls, file architecture, as well as an API hash.
Dynamic emulation of files
Function call coverage
Loaded library coverage
Installation is simple and a detailed explanation can be found on the Github repository. In order to use this plugin you must have a Malcore API key. Register at Malcore.
Try Malcore for Free!
First 5 scans are free on registration
Free Malcore Registration