This write-up covers Peekaboo, a Dynamic Binary Instrumentation (DBI) tool, and focuses on how it extracts authentic malware behavior. Peekaboo (version 1.3.7.0 and similar builds) instruments evasive malware samples while they run so that their anti-analysis techniques can be defeated.
Overview of Peekaboo DBI
Peekaboo intercepts routines in the running sample and records the modules it loads, the system calls it makes and the threads it creates, and uses these to characterize the sample's runtime behavior.
Peekaboo is an automated tool built on the Intel Pin DBI framework. Its primary purpose is to bypass the evasive checks modern malware uses to detect virtual machines (VMs) or debuggers, allowing researchers to capture "authentic" behavior that would otherwise remain hidden. Because the instrumentation layer, rather than the guest OS or a debugger, controls execution, it can answer those checks with sanitized values. One caveat: DBI frameworks have fingerprints of their own, so this moves the evasion problem rather than eliminating it.
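As an added illustration of the interception logic described above, the following stand-alone C++ program models how a DBI tool routes every routine call through an instrumentation layer, counts modules, system calls and threads, and replaces the results of evasion checks. This is example code written for this write-up, not Peekaboo's own code and not a Pintool: it does not use the Intel Pin API, and the simulated sample, its environment, the syscall numbers and the timing threshold are all constructed for the example. In a real Pintool the equivalent hooks would be installed with RTN_Replace or RTN_InsertCall, and the counters fed from IMG_AddInstrumentFunction, PIN_AddSyscallEntryFunction and PIN_AddThreadStartFunction.

```cpp
// Stand-alone model of DBI routine interception (example only, not Pin code).
#include <cstdint>
#include <functional>
#include <iostream>
#include <map>
#include <string>
#include <vector>

// Counters a DBI tool keeps for one sample run.
struct RunStats {
    unsigned modules_loaded = 0;
    unsigned syscalls = 0;
    unsigned threads_created = 0;
    std::map<std::string, unsigned> routine_calls; // per-routine call counts
    std::vector<std::string> behaviour;           // behaviour actually reached
};

using Routine = std::function<std::uint64_t()>;               // original routine body
using Hook = std::function<std::uint64_t(std::uint64_t)>;      // rewrites a return value

// The instrumentation layer: every routine call passes through Call(), which
// counts it and, if a sanitizing hook is registered, replaces the result.
class Instrumenter {
public:
    void Replace(const std::string& name, Hook hook) { hooks_[name] = std::move(hook); }
    std::uint64_t Call(const std::string& name, const Routine& original) {
        stats_.routine_calls[name]++;
        std::uint64_t r = original();
        auto it = hooks_.find(name);
        return it == hooks_.end() ? r : it->second(r);
    }
    void OnImageLoad(const std::string&) { stats_.modules_loaded++; }
    void OnSyscall(unsigned) { stats_.syscalls++; }
    void OnThreadStart() { stats_.threads_created++; }
    void Record(const std::string& what) { stats_.behaviour.push_back(what); }
    const RunStats& stats() const { return stats_; }
private:
    std::map<std::string, Hook> hooks_;
    RunStats stats_;
};

// Constructed analysis environment the simulated sample runs in.
struct Environment {
    bool debugger_attached;     // what IsDebuggerPresent would report
    bool hypervisor_present;    // CPUID leaf 1, ECX bit 31
    std::uint64_t rdtsc_delta;  // cycles the sample measures around a short sleep
};

// Simulated evasive sample: three common anti-analysis checks gate the real
// behaviour. Syscall numbers and the timing threshold are illustrative only.
void RunSample(Instrumenter& dbi, const Environment& env) {
    dbi.OnImageLoad("kernel32.dll");
    dbi.OnImageLoad("ntdll.dll");
    std::uint64_t dbg = dbi.Call("IsDebuggerPresent", [&] { return env.debugger_attached ? 1u : 0u; });
    std::uint64_t hv  = dbi.Call("cpuid_hypervisor_bit", [&] { return env.hypervisor_present ? 1u : 0u; });
    std::uint64_t dt  = dbi.Call("rdtsc_delta", [&] { return env.rdtsc_delta; });
    dbi.OnSyscall(0x30);  // NtQueryInformationProcess-style probe (illustrative number)
    if (dbg || hv || dt > 1000000) {
        dbi.Record("benign_decoy_then_exit");  // evasion succeeded: nothing real happens
        return;
    }
    dbi.OnThreadStart();
    dbi.OnSyscall(0x55);  // NtCreateFile-style call (illustrative number)
    dbi.Record("unpack_payload");
    dbi.Record("drop_file");
}

// Sanitizing hooks so the sample sees a bare-metal, debugger-free machine.
void InstallAntiEvasionHooks(Instrumenter& dbi) {
    dbi.Replace("IsDebuggerPresent", [](std::uint64_t) { return 0ull; });
    dbi.Replace("cpuid_hypervisor_bit", [](std::uint64_t) { return 0ull; });
    dbi.Replace("rdtsc_delta", [](std::uint64_t real) { return real > 1000000 ? 500ull : real; });
}

// Run the simulated sample in a constructed VM with and without the hooks.
RunStats Analyse(bool with_hooks) {
    Instrumenter dbi;
    if (with_hooks) InstallAntiEvasionHooks(dbi);
    Environment vm{false, true, 5000000};  // no debugger, but hypervisor bit set and slow timing
    RunSample(dbi, vm);
    return dbi.stats();
}

int main() {
    for (bool hooks : {false, true}) {
        RunStats s = Analyse(hooks);
        std::cout << (hooks ? "hooked: " : "unhooked: ") << s.modules_loaded << " modules, "
                  << s.syscalls << " syscalls, " << s.threads_created << " threads, behaviour:";
        for (const auto& b : s.behaviour) std::cout << ' ' << b;
        std::cout << '\n';
    }
    return 0;
}
```

Without the hooks the sample sees the hypervisor bit and the slow timer and takes its decoy path; with them it proceeds to the unpack-and-drop behaviour, and the counters reflect the extra thread and syscall. The same separation, counters fed by instrumentation callbacks and a small table of return-value rewrites for known evasion routines, is the shape a real Pintool takes.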
Because the sample is instrumented while it executes, packed or obfuscated malware is observed after it has unpacked itself in memory, which reveals its true intent rather than the behavior of the packer stub.
Peekaboo primarily runs on Windows 10 64-bit Pro guest VMs, managed by a Python management layer on an Ubuntu 22.04 host.
Each sample is typically run for up to 15 minutes so that its behavior is observed in full, including delayed-execution evasion such as long sleeps and time-based triggers that a shorter run would miss.