Malware Analysis Bootcamp
Introduction to Malware Analysis.
What will be covered?
- Introduction to Malware Analysis
- Setting up our environment
- Static analysis
- Introduction to Assembly language
- Code analysis
- Dynamic analysis
- Behavioural analysis
What Is Malware?
Malware is short for malicious software. Any software or program that causes damage to users is considered malware.
Malware is used by attackers to perform malicious actions such as:
- Spying
- Data Exfiltration
- Data Encryption and Destruction
Types Of Malware
Trojans - disguise themselves as legitimate programs but are actually fake, harmful programs.
Ransomware - Encrypts files on a system and demands money in exchange for decrypting them.
What is Malware Analysis?
The process of analyzing a malware sample/binary and extracting as much information as possible from it. The information gained is used to understand the scope of the malware's functionality, how the system was infected, and how to defend against similar malware in the future.
Types of Malware analysis
Static - The process of analyzing malware without executing or running it. The objective is to extract as much metadata from the malware as possible, such as strings and PE headers.
Dynamic - Executing malware and analyzing its functionality and behaviour. The objective is to understand exactly what the malware does, and how, during execution. This is done in a debugger.
Code - The process of analyzing/reverse engineering assembly code. This can be done both statically and dynamically.
Behavioural - The process of analyzing and monitoring the malware after execution. It involves monitoring processes, registry changes and network activity to determine the workings of the malware.
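As an added example of the static-analysis step (extracting strings and PE header metadata without running the sample), the helper below is not part of the bootcamp material; it runs on a constructed byte string that mimics the start of a PE file, not a real binary.

```python
"""Static triage helpers: ASCII-string extraction and a minimal PE header parse."""
import struct


def extract_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Return runs of printable ASCII (0x20..0x7e) at least min_len bytes long."""
    found, run = [], bytearray()
    for b in data:
        if 0x20 <= b <= 0x7E:
            run.append(b)
        else:
            if len(run) >= min_len:
                found.append(run.decode("ascii"))
            run = bytearray()
    if len(run) >= min_len:  # flush a run that ends at EOF
        found.append(run.decode("ascii"))
    return found


def parse_pe_header(data: bytes) -> dict:
    """Read the DOS header, locate the PE signature and decode the COFF file header.

    Returns the target machine, section count and the compile timestamp, which
    are among the first things an analyst checks before opening a debugger.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]  # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsections, timestamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    return {"machine": hex(machine), "sections": nsections, "timestamp": timestamp}


# Constructed sample (not a real binary): MZ stub, e_lfanew -> 0x80, PE signature,
# COFF header (x64, 3 sections, fixed timestamp) and two embedded strings.
SAMPLE = bytearray(b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x80))
SAMPLE += b"\0" * (0x80 - len(SAMPLE))
SAMPLE += b"PE\0\0" + struct.pack("<HHI", 0x8664, 3, 0x5F000000)
SAMPLE += b"\0" * 16 + b"http://example.invalid/update\0CreateRemoteThread\0"


def triage(data: bytes) -> dict:
    """Combine both checks into one static triage summary."""
    summary = parse_pe_header(data)
    summary["strings"] = extract_strings(data)
    return summary


if __name__ == "__main__":
    print(triage(bytes(SAMPLE)))
```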
Setting up the environment
Security Guidelines
- Keep Hypervisor updated
- When executing malware, ensure network configuration is set to host-only
- Do not plug any USB devices into the VM
- Make sure you download compressed and password-protected samples to avoid accidental execution.
- Take snapshots!
- Do not store any valuable data on your analysis VM.
- Disable shared folders before execution or analysis.