  • 5 years ago
In this video I show how to create functions when IDA fails to do so because of opaque predicates, a common anti-disassembly trick. We will also see how to statically decrypt the malware using a technique the AV industry calls X-Rays.

This malware was called "FlyStudio" by some AV companies. The MD5 hash of the sample analysed in the video is 09002944F0F0EEC37B022507919C3538. You can download the malware samples from this URL:

https://bazaar.abuse.ch/sample/8b11f853afd0119988fd2fa04e379c6d77eb9806314b198d5c92cd1258fd02f7/

The IDA Python script used in this video to decrypt the body of the malware samples is available here:

https://pastebin.com/MCQ48ghy
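As an added illustration of the X-Rays idea mentioned above: the encrypted body is a PE file, so the "MZ" magic and the DOS stub message are known plaintext, and XORing them against the ciphertext at the same offsets exposes the key stream, whose shortest period is the key. This is example code written for this page, not the IDA Python script linked above; the fake PE header, the 7-byte key and the stub offset are constructed assumptions.

```python
"""X-Raying: recover a repeating-XOR key from ciphertext using known plaintext."""
from typing import Optional

DOS_STUB = b"This program cannot be run in DOS mode"
DOS_STUB_OFFSET = 0x4E  # assumed location of the stub message in the PE header


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR, used for both encryption and decryption."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def shortest_period(stream: bytes) -> int:
    """Smallest p such that stream[i] == stream[i + p] for every valid i."""
    for p in range(1, len(stream)):
        if all(stream[i] == stream[i + p] for i in range(len(stream) - p)):
            return p
    return len(stream)


def xray_key(cipher: bytes, known: bytes, offset: int,
             max_key_len: int = 16) -> Optional[bytes]:
    """Recover the XOR key, aligned to cipher[0], from known plaintext at offset."""
    stream = xor_bytes(cipher[offset:offset + len(known)], known)
    period = shortest_period(stream)
    # Demand at least two full repetitions so a short period is not a fluke.
    if period > max_key_len or period > len(known) // 2:
        return None
    # stream[j] == key[(offset + j) % period]; rotate so key[0] matches cipher[0].
    shift = offset % period
    chunk = stream[:period]
    return chunk[-shift:] + chunk[:-shift] if shift else chunk


def xray_decrypt(cipher: bytes) -> Optional[bytes]:
    """Decrypt with the recovered key and cross-check against the MZ magic."""
    key = xray_key(cipher, DOS_STUB, DOS_STUB_OFFSET)
    if key is None:
        return None
    plain = xor_bytes(cipher, key)
    return plain if plain[:2] == b"MZ" else None


def build_sample() -> "tuple[bytes, bytes]":
    """Constructed test data (not the FlyStudio sample): a fake encrypted PE header."""
    header = bytearray(0x80)
    header[:2] = b"MZ"
    header[DOS_STUB_OFFSET:DOS_STUB_OFFSET + len(DOS_STUB)] = DOS_STUB
    header[0x78:0x80] = b"PE\x00\x00" + b"\x4c\x01\x03\x00"  # PE sig + i386 hdr
    key = b"\x5a\x13\xc8\x07\x91\x2e\x6d"  # constructed 7-byte key
    return xor_bytes(bytes(header), key), key
```

The same approach works for any stored file type with a predictable header; only the known plaintext and its offset change.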