Rebuilding imports of dynamically resolved encrypted API functions of Ryuk ransomware in 10 minutes. IDA Pro + Labeless.
Video: [Ryuk Ransomware API Resolving in 10 minutes]
This video covers import rebuilding using the well-known tool Scylla.
It shows how to combine IDA, x64dbg and Scylla, going beyond Scylla's built-in IAT Autosearch feature (Normal vs Advanced), which does not work in some situations such as this one. You will learn how to use Scylla to specify the memory address range of the IAT, where the dynamically resolved API function addresses are populated at runtime.
The Ryuk ransomware sample is used as an example. This guide also applies to other samples where Scylla has to be configured properly rather than relying only on its default IAT search.
Video: [Ryuk Ransomware - Advanced using of Scylla for Imports reconstruction]
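To illustrate how the address range of a runtime-populated pointer table can be located before entering it manually as VA and Size in Scylla, here is an added example (not taken from the video or from Scylla). It scans a memory region for the longest run of pointers that land inside loaded modules. The module ranges, base address and dump bytes are constructed, and 64-bit pointers are assumed; it does not reflect the actual layout in the Ryuk sample.

```python
import struct

PTR = 8  # assumption: 64-bit process, little-endian pointers

def find_pointer_table(dump, base_va, modules, max_gap=1):
    """Return (va, size) of the longest run of pointers into loaded modules.

    dump: bytes read from the running process; base_va: address of dump[0];
    modules: (start, end) ranges of loaded DLLs; max_gap: NULL slots tolerated
    inside a run (resolved tables often separate DLLs with a zero entry).
    """
    best_start, best_len = 0, 0
    start = last_hit = None
    gap = 0

    def close_run():
        nonlocal best_start, best_len
        if start is not None and last_hit + PTR - start > best_len:
            best_start, best_len = start, last_hit + PTR - start

    for off in range(0, len(dump) - PTR + 1, PTR):
        value = struct.unpack_from("<Q", dump, off)[0]
        if any(lo <= value < hi for lo, hi in modules):
            if start is None:
                start = off
            last_hit, gap = off, 0
        elif value == 0 and start is not None and gap < max_gap:
            gap += 1                      # tolerate a NULL separator
        else:
            close_run()
            start, gap = None, 0
    close_run()                           # run may extend to end of dump
    return (base_va + best_start, best_len) if best_len else None

# Constructed sample: two made-up module ranges and a made-up data region.
MODULES = [(0x7FFA10000000, 0x7FFA100C0000), (0x7FFA20000000, 0x7FFA200A0000)]
BASE_VA = 0x140020000
DUMP = b"constructed data" + struct.pack(
    "<9Q",
    0x7FFA10012340, 0x7FFA10045670, 0x7FFA1007ABC0, 0,   # first DLL + NULL
    0x7FFA20001110, 0x7FFA20033330,                      # second DLL
    0, 0, 0x1234)                                        # unrelated data

if __name__ == "__main__":
    va, size = find_pointer_table(DUMP, BASE_VA, MODULES)
    print(f"IAT VA = {va:#x}, Size = {size:#x}")
```

Trailing NULL slots are excluded from the reported size, so the range ends at the last resolved pointer.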