Malware Analysis

Malware is malicious software designed to harm or disrupt systems, with various types including viruses, worms, Trojans, ransomware, and rootkits. Malware analysis aims to understand the malware's capabilities, the nature of the compromise, and the attacker's intentions, utilizing methods such as static, dynamic, code, and memory analysis. Techniques like obfuscation, packers, and cryptors are employed by malware authors to protect their code from detection and analysis.

Uploaded by Pankaj Mahur

MALWARE ANALYSIS
What is malware?

 Malware is code that performs malicious actions; it can take the
form of an executable, script, code, or any other software.
 Malicious software or a program that intends to harm or disrupt the
functionality of a system.
Types of malware
 Virus: Malware that is capable of copying itself and spreading
to other computers; a virus needs user intervention to spread.
 Worm: Self-replicating malware that, unlike a virus, can spread
without user intervention.
 Trojan: Malware that disguises itself as a regular program to trick
users into installing it on their systems. Once installed, it can perform
malicious actions such as stealing sensitive data, uploading files
to the attacker's server, or monitoring webcams.
 Backdoor / Remote Access Trojan (RAT): This is a type of Trojan
that enables the attacker to gain access to and execute
commands on the compromised system.
 Ransomware: Malware that holds the system for ransom by locking users
out of their computer or by encrypting their files.
 Rootkit: Malware that provides the attacker with privileged access to the
infected system and conceals its presence or the presence of other
software.
 Downloader or dropper: Malware designed to download or install
additional malware components.
Goals Of Malware Analysis
 The primary motive behind performing malware analysis is to extract
information from the malware sample, which can help in responding to
a malware incident. The goal of malware analysis is to determine the
capability of malware, detect it, and contain it.
 To determine the nature and purpose of the malware.
 To gain an understanding of how the system was compromised and its
impact.
 To determine the attacker's intention and motive.
What is Sandbox?
 A fully implemented malware test environment with the
appropriate dynamic analysis tools is also known as a sandbox.
 A malware sandbox can be a single system or a network of systems
designed solely to analyze malware during runtime.

INDICATORS OF COMPROMISE (IOC)
 To identify the network indicators associated with the malware,
which can then be used to detect similar infections using network
monitoring.
 To extract host-based indicators such as filenames and registry
keys, which, in turn, can be used to detect similar infections using
host-based monitoring.
Types of Malware Analysis

 Static Analysis
 Dynamic Analysis
 Code Analysis
 Memory Analysis
Static Analysis

 This is the process of analyzing a binary without
executing it. It is the easiest to perform and allows you to
extract the metadata associated with the suspect
binary.
 We can call it malware at rest.
 Static analysis might not reveal all the required
information, but it can sometimes provide interesting
information that helps in determining where to focus
your subsequent analysis efforts.
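The two static-analysis points above (metadata from the binary at rest, and the network and host-based indicators listed under Indicators of Compromise) come together in the triage step an analyst runs first. The script below is an added example and is not part of the original slides: it hashes a sample so it can be looked up in threat-intelligence feeds, pulls printable strings from it the way the `strings` tool does, and sorts those strings into indicator classes. The sample bytes, and the hostname, IP address, file path and registry key inside them, are constructed for the demo and are not real indicators.

```python
"""Static triage of a suspect binary: hashes, printable strings and
candidate indicators of compromise (IOCs).

Added example, not taken from the original slides. SAMPLE_BINARY and
every indicator it contains are constructed for the demo."""
import hashlib
import re

# Constructed stand-in for a suspect binary: a fake header, some
# non-printable filler and a handful of embedded strings of the kind
# static analysis looks for. Not a real executable.
SAMPLE_BINARY = (
    b"MZ\x90\x00" + b"\x00\x01\x02\x03\xff\xfe\x90\x90" * 16
    + b"\x00http://updates.example-malware.test/gate.php\x00"
    + b"\x00192.0.2.44\x00"
    + b"\x00C:\\Users\\Public\\svchost32.exe\x00"
    + b"\x00HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    + b"\x00GetProcAddress\x00LoadLibraryA\x00"
    + b"ab\x00"  # too short to count as a string
)

MIN_STRING_LEN = 4


def hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 digests, the usual keys for threat-intel lookups."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def extract_strings(data: bytes, min_len: int = MIN_STRING_LEN) -> list:
    """Runs of printable ASCII of at least min_len bytes (like the `strings` tool)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


# Indicator classes named on the slides: network indicators (URLs, IPv4
# addresses) and host-based indicators (file paths, registry keys).
IOC_PATTERNS = {
    "url": re.compile(r"https?://[^\s\x00\"']+"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "file_path": re.compile(r"[A-Za-z]:\\[^\x00\"']+"),
    "registry_key": re.compile(r"\b(?:HKLM|HKCU|HKEY_[A-Z_]+)\\[^\x00\"']+"),
}


def find_iocs(strings: list) -> dict:
    """Sort extracted strings into the indicator classes above."""
    found = {name: [] for name in IOC_PATTERNS}
    for s in strings:
        for name, pattern in IOC_PATTERNS.items():
            found[name].extend(pattern.findall(s))
    return found


def triage(data: bytes) -> dict:
    """Full static triage report for one sample."""
    strings = extract_strings(data)
    return {"hashes": hashes(data), "strings": strings, "iocs": find_iocs(strings)}


if __name__ == "__main__":
    report = triage(SAMPLE_BINARY)
    print("sha256:", report["hashes"]["sha256"])
    print("strings:", len(report["strings"]))
    for kind, values in report["iocs"].items():
        print(f"{kind:13s} {values}")
```

The indicators this finds are candidates, not verdicts: a string in a binary may be a decoy, a legitimate dependency, or a value the malware never uses, which is why the slides treat static findings as pointers for where to focus dynamic and code analysis.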
Dynamic Analysis
 This is the process of executing the suspect binary in an isolated
environment and monitoring its behavior. This analysis technique is
easy to perform and gives valuable insights into the activity of the
binary during its execution.
 Malware in motion
Code analysis
 It is an advanced technique that focuses on analyzing
the code to understand the inner workings of the
binary. This technique reveals information that is not
possible to determine just from static and dynamic
analysis.

Memory Analysis
 Memory analysis (Memory forensics): This is the
technique of analyzing the computer's RAM for
forensic artifacts.
Obfuscation techniques

 Obfuscation means to make something difficult to
understand; programming code is often obfuscated to
protect intellectual property or trade secrets.
 Obfuscation is used by malware authors to protect the
inner workings of the malware from security researchers,
malware analysts, and reverse engineers.
 These obfuscation techniques make it difficult to
detect/analyze the binary; extracting the strings from such a
binary yields very few strings, and most of the strings
are obscured.
Packers
 A Packer is a program that takes the executable as input,
and it uses compression to obfuscate the executable's
content. This obfuscated content is then stored within the
structure of a new executable file.

Cryptors

 A Cryptor is similar to a Packer, but instead of using
compression, it uses encryption to obfuscate the
executable's content, and the encrypted content is stored
in the new executable file.
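The effect of packers and cryptors described above is measurable: compressed or encrypted content has high byte entropy and yields very few printable strings, which is how an analyst notices that the strings in a sample have "disappeared". The script below is an added example, not from the original slides. It builds a constructed stand-in for an unprotected binary's data, "packs" it with zlib and "encrypts" it with a toy XOR keystream, then compares entropy and string counts. Both stand-ins are assumptions for the demo: a real packer or cryptor adds an unpacking stub and uses its own scheme.

```python
"""Spotting packed or encrypted content with byte entropy and string counts.

Added example, not taken from the original slides. PLAIN, pack() and
encrypt() are constructed stand-ins for an unprotected binary, a packer
and a cryptor; they are not models of any real tool."""
import hashlib
import math
import re
import zlib
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for one repeated value, 8.0 for a uniform distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def count_strings(data: bytes, min_len: int = 4) -> int:
    """Number of printable-ASCII runs of at least min_len bytes."""
    return len(re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data))


# Constructed stand-in for an unprotected binary's data: API names,
# messages and a block of configuration-like strings. Not a real executable.
PLAIN = b"\x00".join(
    [b"LoadLibraryA", b"GetProcAddress", b"Error: could not open file %s",
     b"http://updates.example-malware.test/gate.php"]
    + [b"setting%03d=enabled" % i for i in range(200)]
)


def pack(data: bytes) -> bytes:
    """Packer stand-in: compress the content (a real packer then wraps it in a new executable)."""
    return zlib.compress(data, 9)


def encrypt(data: bytes, key: bytes) -> bytes:
    """Cryptor stand-in: XOR with a SHA-256 counter-mode keystream (toy scheme, demo only).
    XOR is its own inverse, so the same call decrypts."""
    keystream = bytearray()
    counter = 0
    while len(keystream) < len(data):
        keystream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, keystream))


ENTROPY_THRESHOLD = 7.0  # above this, a blob looks compressed or encrypted


def assess(data: bytes) -> dict:
    """Triage verdict: entropy, string count and whether the blob looks protected."""
    h = shannon_entropy(data)
    return {"entropy": round(h, 2), "strings": count_strings(data),
            "looks_packed_or_encrypted": h > ENTROPY_THRESHOLD}


if __name__ == "__main__":
    key = b"demo-key"  # constructed for the demo
    for label, blob in (("plain", PLAIN), ("packed", pack(PLAIN)),
                        ("encrypted", encrypt(PLAIN, key))):
        print(f"{label:10s} {len(blob):5d} bytes  {assess(blob)}")
```

In practice the entropy check is run per section of the executable rather than over the whole file, because a packer leaves its small unpacking stub at normal entropy next to the high-entropy payload, and the drop in string count is the cue to move from static analysis to dynamic or code analysis, where the content is observed after it has been unpacked or decrypted in memory.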
