VERA v0.31 Visualizing Executables for Reversing and Analysis released
VERA is a visualization tool for analyzing compiled executables. It is built on an OpenGL framework with the wxWidgets package. The current version runs only on Windows XP and later. This manual details the steps needed to run and analyze a sample of malware.
There are two ways to generate trace data for VERA. The first is with the Ether hypervisor. Ether is a set of patches to the Xen hypervisor that allows covert analysis of running processes, which makes it an ideal environment for monitoring and tracing running programs. More information is available from the Ether website.
The second option is the VERA Trace Intel PIN module. This is a much simpler way of running traces and can be used inside any virtual machine. When available, choose the Ether system for generating traces: Ether is more resilient to detection than the Intel PIN-based VERA Trace, since PIN instruments the process from inside the guest while Ether observes it from the hypervisor.