Chapter 1
Malware Analysis Primer
Prepared by,
Dr. A. Manju, M.E., Ph.D,
Assistant Professor,
SRM Institute of Science & Technology,
Ramapuram Campus
Source text: Michael Sikorski and Andrew Honig, Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software, No Starch Press, 1st edition (February 2012), ISBN-10 1593272901.
Outline
• The Goals of Malware Analysis
• Malware Analysis Techniques
• Types of Malware
• General Rules for Malware Analysis
The Goals of Malware Analysis
• The purpose of malware analysis is usually to provide the information you need to respond to a network intrusion.
• Your goals will typically be to determine exactly what happened, and to ensure that you've located all infected machines and files.
• When analyzing suspected malware, your goal will typically be to determine exactly what a particular suspect binary can do, how to detect it on your network, and how to measure and contain its damage.
• Once you identify which files require full analysis, it's time to develop signatures to detect malware infections on your network.
• Host-based signatures, or indicators, are used to detect malicious code on victim computers. These indicators often identify files created or modified by the malware or specific changes that it makes to the registry. Unlike antivirus signatures, malware indicators focus on what the malware does to a system, not on the characteristics of the malware itself, which makes them more effective at detecting malware that changes form or that has already been deleted from the hard disk.
• Network signatures are used to detect malicious code by monitoring network traffic. Network signatures can be created without malware analysis, but signatures created with the help of malware analysis are usually far more effective, offering a higher detection rate and fewer false positives.
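The contrast the slide draws between antivirus-style hash signatures and behavioural host indicators is easiest to see in code. The Python below is an added example written for this page; it is not code from the slides or from Practical Malware Analysis. Every input is constructed: the detonation report stands in for what you would record while running the sample in an isolated VM, the file and registry evidence from the three hosts is invented, and the proxy log lines, beacon URI and User-Agent string are made up for illustration. Two of the hosts carry a re-packed variant (different hash) and a self-deleted dropper (no file left), which is exactly where a hash signature fails and a behavioural indicator still fires.

```python
"""Host-based indicators versus hash signatures, plus a network signature.

Added example, not from the slides or from Practical Malware Analysis. All
inputs are constructed: the detonation report stands in for what you would
record while running the sample in an isolated VM; the host evidence and
proxy log lines are invented for illustration.
"""
import hashlib
import re

SAMPLE_BYTES = b"MZ\x90\x00 constructed sample body, version 1"  # the analysed binary

DETONATION_REPORT = {  # what the sample was observed doing (constructed)
    "files_created": [r"C:\Users\Public\svchost32.exe"],
    "registry_set": [(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "svchost32")],
    # (method, URI prefix, User-Agent) of the observed beacon
    "http_requests": [("GET", "/gate.php?id=", "Mozilla/4.0 (compatible; MSIE 6.0; Win32)")],
}

RUN_KEY = (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "svchost32")
HOSTS = {  # evidence later collected from three hosts (constructed)
    # host-a: attacker re-packed the dropper, so the bytes differ but the behaviour is the same
    "host-a": {"files": {r"C:\Users\Public\svchost32.exe": b"MZ\x90\x00 repacked variant, version 2"},
               "registry": {RUN_KEY}},
    # host-b: the dropper deleted itself; only the persistence key survives
    "host-b": {"files": {}, "registry": {RUN_KEY}},
    # host-c: clean machine
    "host-c": {"files": {r"C:\Windows\System32\svchost.exe": b"MZ legitimate binary"}, "registry": set()},
}

PROXY_LOG = [  # web proxy lines: client, request line, status, User-Agent (constructed)
    '10.0.0.5 - - "GET /gate.php?id=7f3a HTTP/1.1" 200 "Mozilla/4.0 (compatible; MSIE 6.0; Win32)"',
    '10.0.0.9 - - "GET /index.html HTTP/1.1" 200 "Mozilla/5.0 (Windows NT 10.0) Firefox/120.0"',
    '10.0.0.7 - - "GET /gate.php?id=c0de HTTP/1.1" 200 "Mozilla/5.0 (Windows NT 10.0) Chrome/120.0"',
]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_host_indicators(report: dict) -> dict:
    """Host-based indicators describe what the malware does to the system."""
    return {"files": set(report["files_created"]), "registry": set(report["registry_set"])}


def build_network_signature(report: dict) -> re.Pattern:
    """Regex over a proxy log line: request-line prefix plus the exact User-Agent."""
    alternatives = [
        re.escape(f'"{method} {uri}') + r'[^"]*"[^"]*"' + re.escape(ua) + '"'
        for method, uri, ua in report["http_requests"]
    ]
    return re.compile("|".join(alternatives))


def hash_hits(sample_hash: str, host: dict) -> bool:
    """Antivirus-style signature: does any file on the host hash to the sample?"""
    return any(sha256_hex(data) == sample_hash for data in host["files"].values())


def indicator_hits(indicators: dict, host: dict) -> list:
    """Behavioural check: dropped paths present or persistence values set."""
    hits = [f"file:{path}" for path in indicators["files"] if path in host["files"]]
    hits += [f"reg:{key}\\{value}" for key, value in indicators["registry"]
             if (key, value) in host["registry"]]
    return sorted(hits)


def scan_proxy_log(signature: re.Pattern, lines: list) -> list:
    """Client IPs whose requests match the network signature."""
    return [line.split()[0] for line in lines if signature.search(line)]


def triage_hosts() -> dict:
    """Per host: did the hash signature fire, and which indicators fired?"""
    sample_hash = sha256_hex(SAMPLE_BYTES)
    indicators = build_host_indicators(DETONATION_REPORT)
    return {name: {"hash": hash_hits(sample_hash, host),
                   "indicators": indicator_hits(indicators, host)}
            for name, host in HOSTS.items()}


if __name__ == "__main__":
    for name, result in triage_hosts().items():
        print(name, result)
    print("beaconing:", scan_proxy_log(build_network_signature(DETONATION_REPORT), PROXY_LOG))
```

On host-a the hash never matches because the attacker re-packed the binary, and on host-b there is no file left to hash at all, yet both are found through the dropped path and the Run-key value. The network signature anchors on two facts analysis revealed (the beacon URI prefix and the hard-coded User-Agent), so the Chrome request to a similar URI on 10.0.0.7 is not flagged; a signature written from the URI alone would have produced that false positive.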
Malware Analysis Techniques
• There are two fundamental approaches to malware analysis:
o static, and
o dynamic.
• Static analysis involves examining the malware without running it.
• Dynamic analysis involves running the malware.
• Both techniques are further categorized as basic or advanced.
• Basic static analysis:
o Examines the executable file without viewing the actual instructions.
o Can confirm whether a file is malicious, provide information about its functionality, and sometimes yield enough information to produce simple network signatures.
o Straightforward and quick, but largely ineffective against sophisticated malware, and it can miss important behaviors.
• Basic dynamic analysis:
o Involves running the malware and observing its behavior on the system in order to remove the infection, produce effective signatures, or both.
o Before you can run malware safely, however, you must set up an environment that lets you study the running malware without risk of damage to your system or network.
o Can be used by most people without deep programming knowledge, but it won't be effective against all malware and can miss important functionality.
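Basic static analysis in the sense of the bullets above (hashes, strings, section layout and packing hints, all without executing the file) needs nothing beyond the Python standard library. The block below is an added example written for this page, not code from the slides or from the book. It builds a constructed PE-shaped blob (headers plus two sections, not a runnable program) so that it works offline; the section names, the embedded strings, the `example.invalid` URL and the small watch list of API names are illustrative assumptions, and the 7.0 bits-per-byte entropy threshold is a common packing heuristic rather than a rule.

```python
"""Basic static triage of a Windows PE file with the standard library only.

Added example, not from the slides or from Practical Malware Analysis. The
file it analyses is constructed below (PE headers plus two sections, not a
real program) so the script runs offline; pass real bytes to triage() to use
it on a sample.
"""
import collections
import hashlib
import math
import re
import struct

# API names that often show up in downloaders and injectors (illustrative list).
WATCH_APIS = {"URLDownloadToFileA", "InternetOpenA", "CreateRemoteThread", "WriteProcessMemory"}

# Constructed section contents: .text holds plaintext strings, UPX1 is a byte
# permutation with maximal entropy standing in for packed code.
TEXT_DATA = (b"kernel32.dll\0URLDownloadToFileA\0"
             b"http://example.invalid/gate.php\0"
             b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\0").ljust(0x80, b"\0")
PACKED_DATA = bytes((i * 167) % 256 for i in range(256))


def build_constructed_pe() -> bytes:
    """MZ header, PE signature, COFF header, zeroed optional header, two section headers, data."""
    e_lfanew, opt_size = 0x40, 0xE0
    # (name, virtual address, raw pointer, data, characteristics)
    sections = [
        (b".text", 0x1000, 0x200, TEXT_DATA, 0x60000020),   # CODE | EXECUTE | READ
        (b"UPX1", 0x2000, 0x400, PACKED_DATA, 0xE0000040),  # DATA | EXECUTE | READ | WRITE
    ]
    header = bytearray(b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew))
    header += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0x5F000000, 0, 0, opt_size, 0x0102)
    header += b"\0" * opt_size
    for name, vaddr, rptr, data, chars in sections:
        header += struct.pack("<8sIIIIIIHHI", name, len(data), vaddr, len(data), rptr, 0, 0, 0, 0, chars)
    image = bytearray(max(rptr + len(d) for _, _, rptr, d, _ in sections))
    image[:len(header)] = header
    for _, _, rptr, data, _ in sections:
        image[rptr:rptr + len(data)] = data
    return bytes(image)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 is uniformly random; packed or encrypted data is usually above 7."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in collections.Counter(data).values())


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    _machine, nsec, _ts, _sym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    table = e_lfanew + 4 + 20 + opt_size          # section table follows the optional header
    sections = []
    for i in range(nsec):
        name, vsize, _vaddr, rsize, rptr, *_, chars = struct.unpack_from("<8sIIIIIIHHI", pe, table + 40 * i)
        raw = pe[rptr:rptr + rsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "raw_size": rsize,
            "entropy": round(shannon_entropy(raw), 2),
            "executable": bool(chars & 0x20000000),
            "writable": bool(chars & 0x80000000),
        })
    return sections


def extract_strings(data: bytes, min_len: int = 6) -> list:
    """Printable ASCII runs, the same output the `strings` tool gives."""
    return [m.group().decode("ascii") for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def triage(pe: bytes) -> dict:
    """Everything a first pass collects without running the file."""
    sections = parse_sections(pe)
    strings = extract_strings(pe)
    hints = [s["name"] for s in sections
             if s["entropy"] > 7.0 or s["name"].upper().startswith("UPX")
             or (s["executable"] and s["writable"])]
    return {
        "sha256": hashlib.sha256(pe).hexdigest(),
        "sections": sections,
        "strings": strings,
        "watch_apis": sorted(s for s in strings if s in WATCH_APIS),
        "network_strings": [s for s in strings if s.startswith(("http://", "https://"))],
        "persistence_strings": [s for s in strings if "CurrentVersion\\Run" in s],
        "packer_hints": sorted(set(hints)),
    }


if __name__ == "__main__":
    for key, value in triage(build_constructed_pe()).items():
        print(f"{key}: {value}")
```

The report illustrates both halves of the slide's claim: the strings and the Run-key path give immediate leads (a download API, a URL that can seed a network signature, a persistence location to check on hosts), while the UPX1 section with 8.0 bits-per-byte entropy and writable-plus-executable flags is the signal that the interesting code is packed and that basic static analysis has reached its limit for this sample.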
• Advanced static analysis:
o Consists of reverse-engineering the malware's internals by loading the executable into a disassembler and reading the program instructions to discover what the program does.
o Because those instructions are exactly what the CPU executes, advanced static analysis tells you exactly what the program does.
o It has a steeper learning curve than basic static analysis and requires specialized knowledge of disassembly, code constructs, and Windows operating system concepts.
• Advanced dynamic analysis:
o Uses a debugger to examine the internal state of a running malicious executable.
o Provides another way to extract detailed information from an executable.
o Most useful when you are trying to obtain information that is difficult to gather with the other techniques.
Types of Malware
• Backdoor: Malicious code that installs itself onto a computer to allow the attacker access. Backdoors usually let the attacker connect to the computer with little or no authentication and execute commands on the local system.
• Botnet: Similar to a backdoor in that it allows the attacker access to the system, but all computers infected with the same botnet receive the same instructions from a single command-and-control server.
• Downloader: Malicious code that exists only to download other malicious code. Downloaders are commonly installed by attackers when they first gain access to a system; the downloader then fetches and installs additional malicious code.
• Information-stealing malware: Malware that collects information from a victim's computer and usually sends it to the attacker. Examples include sniffers, password hash grabbers, and keyloggers. This malware is typically used to gain access to online accounts such as email or online banking.
• Launcher: Malicious program used to launch other malicious programs. Usually, launchers use non-traditional techniques to launch other malicious programs in order to ensure stealth or greater access to a system.
• Rootkit: Malicious code designed to conceal the existence of other code. Rootkits are usually paired with other malware, such as a backdoor, to give the attacker remote access while making the code difficult for the victim to detect.
• Scareware: Malware designed to frighten an infected user into buying something. It usually has a user interface that makes it look like an antivirus or other security program. It informs users that there is malicious code on their system and that the only way to get rid of it is to buy the offered software, when in reality the software it sells does nothing more than remove the scareware itself.
• Spam-sending malware: Malware that infects a user's machine and then uses that machine to send spam. This malware generates income for attackers by allowing them to sell spam-sending services.
• Worm or virus: Malicious code that can copy itself and infect additional computers.
General Rules for Malware Analysis
• Most malware programs are large and complex, and you can't possibly understand every detail. First, focus on the key features. When you run into difficult and complex sections, try to get a general overview before you get stuck in the weeds.
• Second, remember that different tools and approaches are available for different jobs. There is no one approach. If you get stuck, don't spend too long on any one issue; move on to something else. Try analyzing the malware from a different angle, or just try a different approach.
• Finally, remember that malware analysis is like a cat-and-mouse game. As new malware analysis techniques are developed, malware authors respond with new techniques to thwart analysis. To succeed as a malware analyst, you must be able to recognize, understand, and defeat these techniques, and respond to changes in the art of malware analysis.

More Related Content

Similar to CHAPTER 1 MALWARE ANALYSIS PRIMER.ppt (20)

Basic survey on malware analysis, tools and techniques
Basic survey on malware analysis, tools and techniquesBasic survey on malware analysis, tools and techniques
Basic survey on malware analysis, tools and techniques
ijcsa
Introduction to Malware analysis
Introduction to Malware analysis Introduction to Malware analysis
Introduction to Malware analysis
HusseinMuhaisen
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSA FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
IJNSA Journal
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static Techniques
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static TechniquesCNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static Techniques
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static Techniques
Sam Bowne
Ch0 1
Ch0 1Ch0 1
Ch0 1
TylerDerdun
Malware Analysis Techniques &Incident Response.pptx
Malware Analysis Techniques &Incident Response.pptxMalware Analysis Techniques &Incident Response.pptx
Malware Analysis Techniques &Incident Response.pptx
Gol D Roger
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Sam Bowne
Cyber Defense Forensic Analyst - Real World Hands-on Examples
Cyber Defense Forensic Analyst - Real World Hands-on ExamplesCyber Defense Forensic Analyst - Real World Hands-on Examples
Cyber Defense Forensic Analyst - Real World Hands-on Examples
Sandeep Kumar Seeram
Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types  !Type of Malware and its different analysis and its types  !
Type of Malware and its different analysis and its types !
Mohammed Jaseem Tp
Malware Analysis for cyber security & Network Security
Malware Analysis for cyber security & Network SecurityMalware Analysis for cyber security & Network Security
Malware Analysis for cyber security & Network Security
surajpatil318663
Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques
Akash Karwande
Cyber Security Threats Unveilded
Cyber Security Threats UnveildedCyber Security Threats Unveilded
Cyber Security Threats Unveilded
Elewayte
Malware analysis
Malware analysisMalware analysis
Malware analysis
Prakashchand Suthar
Mission Impossible - Malware Analysis.pdf
Mission Impossible - Malware Analysis.pdfMission Impossible - Malware Analysis.pdf
Mission Impossible - Malware Analysis.pdf
null - The Open Security Community
Basic Dynamic Analysis of Malware
Basic Dynamic Analysis of MalwareBasic Dynamic Analysis of Malware
Basic Dynamic Analysis of Malware
Natraj G
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and Analysis
Prashant Chopra
A SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLS
A SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLSA SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLS
A SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLS
IJNSA Journal
Survey on Malware Detection Techniques
Survey on Malware Detection TechniquesSurvey on Malware Detection Techniques
Survey on Malware Detection Techniques
Editor IJMTER
Malware detection
Malware detectionMalware detection
Malware detection
ssuser1eca7d
Fundamental of malware analysis
Fundamental of malware analysisFundamental of malware analysis
Fundamental of malware analysis
Sumedt Jitpukdebodin
Basic survey on malware analysis, tools and techniques
Basic survey on malware analysis, tools and techniquesBasic survey on malware analysis, tools and techniques
Basic survey on malware analysis, tools and techniques
ijcsa
Introduction to Malware analysis
Introduction to Malware analysis Introduction to Malware analysis
Introduction to Malware analysis
HusseinMuhaisen
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSA FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
IJNSA Journal
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static Techniques
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static TechniquesCNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static Techniques
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static Techniques
Sam Bowne
Malware Analysis Techniques &Incident Response.pptx
Malware Analysis Techniques &Incident Response.pptxMalware Analysis Techniques &Incident Response.pptx
Malware Analysis Techniques &Incident Response.pptx
Gol D Roger
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Sam Bowne
Cyber Defense Forensic Analyst - Real World Hands-on Examples
Cyber Defense Forensic Analyst - Real World Hands-on ExamplesCyber Defense Forensic Analyst - Real World Hands-on Examples
Cyber Defense Forensic Analyst - Real World Hands-on Examples
Sandeep Kumar Seeram
Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types  !Type of Malware and its different analysis and its types  !
Type of Malware and its different analysis and its types !
Mohammed Jaseem Tp
Malware Analysis for cyber security & Network Security
Malware Analysis for cyber security & Network SecurityMalware Analysis for cyber security & Network Security
Malware Analysis for cyber security & Network Security
surajpatil318663
Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques
Akash Karwande
Cyber Security Threats Unveilded
Cyber Security Threats UnveildedCyber Security Threats Unveilded
Cyber Security Threats Unveilded
Elewayte
Basic Dynamic Analysis of Malware
Basic Dynamic Analysis of MalwareBasic Dynamic Analysis of Malware
Basic Dynamic Analysis of Malware
Natraj G
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and Analysis
Prashant Chopra
A SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLS
A SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLSA SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLS
A SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLS
IJNSA Journal
Survey on Malware Detection Techniques
Survey on Malware Detection TechniquesSurvey on Malware Detection Techniques
Survey on Malware Detection Techniques
Editor IJMTER
Malware detection
Malware detectionMalware detection
Malware detection
ssuser1eca7d
Fundamental of malware analysis
Fundamental of malware analysisFundamental of malware analysis
Fundamental of malware analysis
Sumedt Jitpukdebodin

More from ManjuAppukuttan2 (17)

SEPM UNIT V.pptx software engineeing and product management
SEPM UNIT V.pptx software engineeing and product managementSEPM UNIT V.pptx software engineeing and product management
SEPM UNIT V.pptx software engineeing and product management
ManjuAppukuttan2
SEPM UNIT V.pptx software engineering and product management
SEPM UNIT V.pptx software engineering and product managementSEPM UNIT V.pptx software engineering and product management
SEPM UNIT V.pptx software engineering and product management
ManjuAppukuttan2
Unit 1 Introduction to Streaming Analytics
Unit 1 Introduction to Streaming AnalyticsUnit 1 Introduction to Streaming Analytics
Unit 1 Introduction to Streaming Analytics
ManjuAppukuttan2
SRM First Review PPT Template for project
SRM First  Review PPT Template for projectSRM First  Review PPT Template for project
SRM First Review PPT Template for project
ManjuAppukuttan2
Streaming Analytics Unit 5 notes for engineers
Streaming Analytics Unit 5 notes for engineersStreaming Analytics Unit 5 notes for engineers
Streaming Analytics Unit 5 notes for engineers
ManjuAppukuttan2
Streaming Analytics unit 4 notes for engineers
Streaming Analytics unit 4 notes for engineersStreaming Analytics unit 4 notes for engineers
Streaming Analytics unit 4 notes for engineers
ManjuAppukuttan2
Streaming Analytics Unit 3 notes for engineers
Streaming Analytics Unit 3 notes for engineersStreaming Analytics Unit 3 notes for engineers
Streaming Analytics Unit 3 notes for engineers
ManjuAppukuttan2
Streaming Analytics unit 2 notes for engineers
Streaming Analytics unit 2 notes for  engineersStreaming Analytics unit 2 notes for  engineers
Streaming Analytics unit 2 notes for engineers
ManjuAppukuttan2
Streaming Analytics Unit 1 notes for engineers
Streaming Analytics Unit 1 notes for engineersStreaming Analytics Unit 1 notes for engineers
Streaming Analytics Unit 1 notes for engineers
ManjuAppukuttan2
CHAPTER 3 BASIC DYNAMIC ANALYSIS.ppt
CHAPTER 3 BASIC DYNAMIC ANALYSIS.pptCHAPTER 3 BASIC DYNAMIC ANALYSIS.ppt
CHAPTER 3 BASIC DYNAMIC ANALYSIS.ppt
ManjuAppukuttan2
CHAPTER 2 BASIC ANALYSIS.ppt
CHAPTER 2 BASIC ANALYSIS.pptCHAPTER 2 BASIC ANALYSIS.ppt
CHAPTER 2 BASIC ANALYSIS.ppt
ManjuAppukuttan2
UNIT 3.1 INTRODUCTON TO IDA.ppt
UNIT 3.1 INTRODUCTON TO IDA.pptUNIT 3.1 INTRODUCTON TO IDA.ppt
UNIT 3.1 INTRODUCTON TO IDA.ppt
ManjuAppukuttan2
UNIT 3.2 GETTING STARTED WITH IDA.ppt
UNIT 3.2 GETTING STARTED WITH IDA.pptUNIT 3.2 GETTING STARTED WITH IDA.ppt
UNIT 3.2 GETTING STARTED WITH IDA.ppt
ManjuAppukuttan2
SA UNIT III STORM.pdf
SA UNIT III STORM.pdfSA UNIT III STORM.pdf
SA UNIT III STORM.pdf
ManjuAppukuttan2
SA UNIT II KAFKA.pdf
SA UNIT II KAFKA.pdfSA UNIT II KAFKA.pdf
SA UNIT II KAFKA.pdf
ManjuAppukuttan2
SA UNIT I STREAMING ANALYTICS.pdf
SA UNIT I STREAMING ANALYTICS.pdfSA UNIT I STREAMING ANALYTICS.pdf
SA UNIT I STREAMING ANALYTICS.pdf
ManjuAppukuttan2
CHAPTER 2 BASIC ANALYSIS.pdf
CHAPTER 2 BASIC ANALYSIS.pdfCHAPTER 2 BASIC ANALYSIS.pdf
CHAPTER 2 BASIC ANALYSIS.pdf
ManjuAppukuttan2
SEPM UNIT V.pptx software engineeing and product management
SEPM UNIT V.pptx software engineeing and product managementSEPM UNIT V.pptx software engineeing and product management
SEPM UNIT V.pptx software engineeing and product management
ManjuAppukuttan2
SEPM UNIT V.pptx software engineering and product management
SEPM UNIT V.pptx software engineering and product managementSEPM UNIT V.pptx software engineering and product management
SEPM UNIT V.pptx software engineering and product management
ManjuAppukuttan2
Unit 1 Introduction to Streaming Analytics
Unit 1 Introduction to Streaming AnalyticsUnit 1 Introduction to Streaming Analytics
Unit 1 Introduction to Streaming Analytics
ManjuAppukuttan2
SRM First Review PPT Template for project
SRM First  Review PPT Template for projectSRM First  Review PPT Template for project
SRM First Review PPT Template for project
ManjuAppukuttan2
Streaming Analytics Unit 5 notes for engineers
Streaming Analytics Unit 5 notes for engineersStreaming Analytics Unit 5 notes for engineers
Streaming Analytics Unit 5 notes for engineers
ManjuAppukuttan2
Streaming Analytics unit 4 notes for engineers
Streaming Analytics unit 4 notes for engineersStreaming Analytics unit 4 notes for engineers
Streaming Analytics unit 4 notes for engineers
ManjuAppukuttan2
Streaming Analytics Unit 3 notes for engineers
Streaming Analytics Unit 3 notes for engineersStreaming Analytics Unit 3 notes for engineers
Streaming Analytics Unit 3 notes for engineers
ManjuAppukuttan2
Streaming Analytics unit 2 notes for engineers
Streaming Analytics unit 2 notes for  engineersStreaming Analytics unit 2 notes for  engineers
Streaming Analytics unit 2 notes for engineers
ManjuAppukuttan2
Streaming Analytics Unit 1 notes for engineers
Streaming Analytics Unit 1 notes for engineersStreaming Analytics Unit 1 notes for engineers
Streaming Analytics Unit 1 notes for engineers
ManjuAppukuttan2
CHAPTER 3 BASIC DYNAMIC ANALYSIS.ppt
CHAPTER 3 BASIC DYNAMIC ANALYSIS.pptCHAPTER 3 BASIC DYNAMIC ANALYSIS.ppt
CHAPTER 3 BASIC DYNAMIC ANALYSIS.ppt
ManjuAppukuttan2
CHAPTER 2 BASIC ANALYSIS.ppt
CHAPTER 2 BASIC ANALYSIS.pptCHAPTER 2 BASIC ANALYSIS.ppt
CHAPTER 2 BASIC ANALYSIS.ppt
ManjuAppukuttan2
UNIT 3.1 INTRODUCTON TO IDA.ppt
UNIT 3.1 INTRODUCTON TO IDA.pptUNIT 3.1 INTRODUCTON TO IDA.ppt
UNIT 3.1 INTRODUCTON TO IDA.ppt
ManjuAppukuttan2
UNIT 3.2 GETTING STARTED WITH IDA.ppt
UNIT 3.2 GETTING STARTED WITH IDA.pptUNIT 3.2 GETTING STARTED WITH IDA.ppt
UNIT 3.2 GETTING STARTED WITH IDA.ppt
ManjuAppukuttan2
SA UNIT I STREAMING ANALYTICS.pdf
SA UNIT I STREAMING ANALYTICS.pdfSA UNIT I STREAMING ANALYTICS.pdf
SA UNIT I STREAMING ANALYTICS.pdf
ManjuAppukuttan2
CHAPTER 2 BASIC ANALYSIS.pdf
CHAPTER 2 BASIC ANALYSIS.pdfCHAPTER 2 BASIC ANALYSIS.pdf
CHAPTER 2 BASIC ANALYSIS.pdf
ManjuAppukuttan2
Ad

Recently uploaded (20)

Electrical and Electronics Engineering: An International Journal (ELELIJ)
Electrical and Electronics Engineering: An International Journal (ELELIJ)Electrical and Electronics Engineering: An International Journal (ELELIJ)
Electrical and Electronics Engineering: An International Journal (ELELIJ)
elelijjournal653
May 2025: Top 10 Cited Articles in Software Engineering & Applications Intern...
May 2025: Top 10 Cited Articles in Software Engineering & Applications Intern...May 2025: Top 10 Cited Articles in Software Engineering & Applications Intern...
May 2025: Top 10 Cited Articles in Software Engineering & Applications Intern...
sebastianku31
ISO 4020-6.1- Filter Cleanliness Test Rig Catalogue.pdf
ISO 4020-6.1- Filter Cleanliness Test Rig Catalogue.pdfISO 4020-6.1- Filter Cleanliness Test Rig Catalogue.pdf
ISO 4020-6.1- Filter Cleanliness Test Rig Catalogue.pdf
FILTRATION ENGINEERING & CUNSULTANT
Influence line diagram in a robust model
Influence line diagram in a robust modelInfluence line diagram in a robust model
Influence line diagram in a robust model
ParthaSengupta26
"The Enigmas of the Riemann Hypothesis" by Julio Chai
"The Enigmas of the Riemann Hypothesis" by Julio Chai"The Enigmas of the Riemann Hypothesis" by Julio Chai
"The Enigmas of the Riemann Hypothesis" by Julio Chai
Julio Chai
Utilizing Biomedical Waste for Sustainable Brick Manufacturing: A Novel Appro...
Utilizing Biomedical Waste for Sustainable Brick Manufacturing: A Novel Appro...Utilizing Biomedical Waste for Sustainable Brick Manufacturing: A Novel Appro...
Utilizing Biomedical Waste for Sustainable Brick Manufacturing: A Novel Appro...
IRJET Journal
Structural Health and Factors affecting.pptx
Structural Health and Factors affecting.pptxStructural Health and Factors affecting.pptx
Structural Health and Factors affecting.pptx
gunjalsachin
Proposed EPA Municipal Waste Combustor Rule
Proposed EPA Municipal Waste Combustor RuleProposed EPA Municipal Waste Combustor Rule
Proposed EPA Municipal Waste Combustor Rule
AlvaroLinero2
[HIFLUX] High Pressure Tube Support Catalog 2025
[HIFLUX] High Pressure Tube Support Catalog 2025[HIFLUX] High Pressure Tube Support Catalog 2025
[HIFLUX] High Pressure Tube Support Catalog 2025
危 / HIFLUX Co., Ltd.
Digital Crime Substantive Criminal Law General Conditions Offenses In...
Digital Crime  Substantive Criminal Law  General Conditions  Offenses  In...Digital Crime  Substantive Criminal Law  General Conditions  Offenses  In...
Digital Crime Substantive Criminal Law General Conditions Offenses In...
ManiMaran230751
9aeb2aae-3b85-47a5-9776-154883bbae57.pdf
9aeb2aae-3b85-47a5-9776-154883bbae57.pdf9aeb2aae-3b85-47a5-9776-154883bbae57.pdf
9aeb2aae-3b85-47a5-9776-154883bbae57.pdf
RishabhGupta578788
Direct Current circuitsDirect Current circuitsDirect Current circuitsDirect C...
Direct Current circuitsDirect Current circuitsDirect Current circuitsDirect C...Direct Current circuitsDirect Current circuitsDirect Current circuitsDirect C...
Direct Current circuitsDirect Current circuitsDirect Current circuitsDirect C...
BeHappy728244
Fresh concrete Workability Measurement
Fresh concrete  Workability  MeasurementFresh concrete  Workability  Measurement
Fresh concrete Workability Measurement
SasiVarman5
Forensic Science Digital Forensics Digital Evidence The Digital Forensi...
Forensic Science  Digital Forensics  Digital Evidence  The Digital Forensi...Forensic Science  Digital Forensics  Digital Evidence  The Digital Forensi...
Forensic Science Digital Forensics Digital Evidence The Digital Forensi...
ManiMaran230751
fy06_46f6-ht30_22_oil_gas_industry_guidelines.ppt
fy06_46f6-ht30_22_oil_gas_industry_guidelines.pptfy06_46f6-ht30_22_oil_gas_industry_guidelines.ppt
fy06_46f6-ht30_22_oil_gas_industry_guidelines.ppt
sukarnoamin
ISO 4548-9 Oil Filter Anti Drain Catalogue.pdf
ISO 4548-9 Oil Filter Anti Drain Catalogue.pdfISO 4548-9 Oil Filter Anti Drain Catalogue.pdf
ISO 4548-9 Oil Filter Anti Drain Catalogue.pdf
FILTRATION ENGINEERING & CUNSULTANT
[HIFLUX] Lok Fitting&Valve Catalog 2025 (Eng)
[HIFLUX] Lok Fitting&Valve Catalog 2025 (Eng)[HIFLUX] Lok Fitting&Valve Catalog 2025 (Eng)
[HIFLUX] Lok Fitting&Valve Catalog 2025 (Eng)
危 / HIFLUX Co., Ltd.
ISO 4548-7 Filter Vibration Fatigue Test Rig Catalogue.pdf
ISO 4548-7 Filter Vibration Fatigue Test Rig Catalogue.pdfISO 4548-7 Filter Vibration Fatigue Test Rig Catalogue.pdf
ISO 4548-7 Filter Vibration Fatigue Test Rig Catalogue.pdf
FILTRATION ENGINEERING & CUNSULTANT
Application Security and Secure Software Development Lifecycle
Application  Security and Secure Software Development LifecycleApplication  Security and Secure Software Development Lifecycle
Application Security and Secure Software Development Lifecycle
DrKavithaP1
May 2025 - Top 10 Read Articles in Artificial Intelligence and Applications (...
May 2025 - Top 10 Read Articles in Artificial Intelligence and Applications (...May 2025 - Top 10 Read Articles in Artificial Intelligence and Applications (...
May 2025 - Top 10 Read Articles in Artificial Intelligence and Applications (...
gerogepatton
Electrical and Electronics Engineering: An International Journal (ELELIJ)
Electrical and Electronics Engineering: An International Journal (ELELIJ)Electrical and Electronics Engineering: An International Journal (ELELIJ)
Electrical and Electronics Engineering: An International Journal (ELELIJ)
elelijjournal653
May 2025: Top 10 Cited Articles in Software Engineering & Applications Intern...
May 2025: Top 10 Cited Articles in Software Engineering & Applications Intern...May 2025: Top 10 Cited Articles in Software Engineering & Applications Intern...
May 2025: Top 10 Cited Articles in Software Engineering & Applications Intern...
sebastianku31
Influence line diagram in a robust model
Influence line diagram in a robust modelInfluence line diagram in a robust model
Influence line diagram in a robust model
ParthaSengupta26
"The Enigmas of the Riemann Hypothesis" by Julio Chai
"The Enigmas of the Riemann Hypothesis" by Julio Chai"The Enigmas of the Riemann Hypothesis" by Julio Chai
"The Enigmas of the Riemann Hypothesis" by Julio Chai
Julio Chai
Utilizing Biomedical Waste for Sustainable Brick Manufacturing: A Novel Appro...
Utilizing Biomedical Waste for Sustainable Brick Manufacturing: A Novel Appro...Utilizing Biomedical Waste for Sustainable Brick Manufacturing: A Novel Appro...
Utilizing Biomedical Waste for Sustainable Brick Manufacturing: A Novel Appro...
IRJET Journal
Structural Health and Factors affecting.pptx
Structural Health and Factors affecting.pptxStructural Health and Factors affecting.pptx
Structural Health and Factors affecting.pptx
gunjalsachin
Proposed EPA Municipal Waste Combustor Rule
Proposed EPA Municipal Waste Combustor RuleProposed EPA Municipal Waste Combustor Rule
Proposed EPA Municipal Waste Combustor Rule
AlvaroLinero2
[HIFLUX] High Pressure Tube Support Catalog 2025
[HIFLUX] High Pressure Tube Support Catalog 2025[HIFLUX] High Pressure Tube Support Catalog 2025
[HIFLUX] High Pressure Tube Support Catalog 2025
危 / HIFLUX Co., Ltd.
Digital Crime Substantive Criminal Law General Conditions Offenses In...
Digital Crime  Substantive Criminal Law  General Conditions  Offenses  In...Digital Crime  Substantive Criminal Law  General Conditions  Offenses  In...
Digital Crime Substantive Criminal Law General Conditions Offenses In...
ManiMaran230751
9aeb2aae-3b85-47a5-9776-154883bbae57.pdf
9aeb2aae-3b85-47a5-9776-154883bbae57.pdf9aeb2aae-3b85-47a5-9776-154883bbae57.pdf
9aeb2aae-3b85-47a5-9776-154883bbae57.pdf
RishabhGupta578788
Direct Current circuitsDirect Current circuitsDirect Current circuitsDirect C...
Direct Current circuitsDirect Current circuitsDirect Current circuitsDirect C...Direct Current circuitsDirect Current circuitsDirect Current circuitsDirect C...
Direct Current circuitsDirect Current circuitsDirect Current circuitsDirect C...
BeHappy728244
Fresh concrete Workability Measurement
Fresh concrete  Workability  MeasurementFresh concrete  Workability  Measurement
Fresh concrete Workability Measurement
SasiVarman5
Forensic Science Digital Forensics Digital Evidence The Digital Forensi...
Forensic Science  Digital Forensics  Digital Evidence  The Digital Forensi...Forensic Science  Digital Forensics  Digital Evidence  The Digital Forensi...
Forensic Science Digital Forensics Digital Evidence The Digital Forensi...
ManiMaran230751
fy06_46f6-ht30_22_oil_gas_industry_guidelines.ppt
fy06_46f6-ht30_22_oil_gas_industry_guidelines.pptfy06_46f6-ht30_22_oil_gas_industry_guidelines.ppt
fy06_46f6-ht30_22_oil_gas_industry_guidelines.ppt
sukarnoamin
[HIFLUX] Lok Fitting&Valve Catalog 2025 (Eng)
[HIFLUX] Lok Fitting&Valve Catalog 2025 (Eng)[HIFLUX] Lok Fitting&Valve Catalog 2025 (Eng)
[HIFLUX] Lok Fitting&Valve Catalog 2025 (Eng)
危 / HIFLUX Co., Ltd.
Application Security and Secure Software Development Lifecycle
Application  Security and Secure Software Development LifecycleApplication  Security and Secure Software Development Lifecycle
Application Security and Secure Software Development Lifecycle
DrKavithaP1
May 2025 - Top 10 Read Articles in Artificial Intelligence and Applications (...
May 2025 - Top 10 Read Articles in Artificial Intelligence and Applications (...May 2025 - Top 10 Read Articles in Artificial Intelligence and Applications (...
May 2025 - Top 10 Read Articles in Artificial Intelligence and Applications (...
gerogepatton
Ad

CHAPTER 1 MALWARE ANALYSIS PRIMER.ppt

  • 1. Chapter 1 Malware Analysis Primer Prepared by, Dr. A. Manju, M.E., Ph.D, Assistant Professor, SRM Institute of Science & Technology, Ramapuram Campus Michael Sikorski, Practical Malware Analysis The Hands-On Guide to Dissecting Malicious Software, Kindle Edition, No Starch Press; 1 edition (1 February 2012), ISBN: 1593272901
  • 2. Outline The Goals of Malware Analysis Malware Analysis Techniques Types of Malware General Rules for Malware Analysis
  • 3. The Goals of Malware Analysis The purpose of malware analysis is usually to provide the information you need to respond to a network intrusion. Your goals will typically be to determine exactly what happened, and to ensure that youve located all infected machines and files. When analyzing suspected malware, your goal will typically be to determine exactly what a particular suspect binary can do, how to detect it on your network, and how to measure and contain its damage. Once you identify which files require full analysis, its time to develop signatures to detect malware infections on your network.
  • 4. The Goals of Malware Analysis Host-based signatures, or indicators, are used to detect malicious code on victim computers. These indicators often identify files created or modified by the malware or specific changes that it makes to the registry. Unlike antivirus signatures, malware indicators focus on what the malware does to a system, not on the characteristics of the malware itself, which makes them more effective in detecting malware that changes form or that has been deleted from the hard disk. Network signatures are used to detect malicious code by monitoring network traffic. Network signatures can be created without malware analysis, but signatures created with the help of malware analysis are usually far more effective, offering a higher detection rate and fewer false positives.
  • 5. Malware Analysis Techniques There are two fundamental approaches to malware analysis: o static and o dynamic. Static analysis involves examining the malware without running it. Dynamic analysis involves running the malware.
  • 6. Malware Analysis Techniques Both techniques are further categorized as basic or advanced. Basic Static Analysis: o Examining the executable file without viewing the actual instructions. o Confirm whether a file is malicious, provide information about its functionality, and sometimes provide information that will allow you to produce simple network signatures. o Straightforward and can be quick, but its largely ineffective against sophisticated malware, and it can miss important behaviors. Basic Dynamic Analysis: o Involve running the malware and observing its behavior on the system in order to remove the infection, produce effective signatures, or both. o However, before you can run malware safely, you must set up an environment that will allow you to study the running malware without risk of damage to your system or network. o Basic dynamic analysis techniques can be used by most people without deep programming knowledge, but they wont be effective with all malware and can miss important functionality.
• 7. Malware Analysis Techniques
 Advanced Static Analysis:
o Consists of reverse-engineering the malware's internals by loading the executable into a disassembler and looking at the program instructions in order to discover what the program does.
o The instructions are executed by the CPU, so advanced static analysis tells you exactly what the program does.
o It has a steeper learning curve than basic static analysis and requires specialized knowledge of disassembly, code constructs, and Windows operating system concepts.
 Advanced Dynamic Analysis:
o Uses a debugger to examine the internal state of a running malicious executable.
o Provides another way to extract detailed information from an executable.
o These techniques are most useful when you're trying to obtain information that is difficult to gather with the other techniques.
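An added example (not from the book or these slides) of what basic static analysis yields without looking at a single instruction: hashing the file, pulling printable strings out of it, noting imported API names worth a closer look, and turning an embedded URL into a simple host-and-path network signature. The suspect bytes, API list, host name and paths are constructed for the illustration.

```python
import hashlib
import re

# Constructed stand-in for a suspect binary: a few bytes of "code" with strings
# embedded the way a real PE carries its import names and configuration.
SUSPECT = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff"
    b"kernel32.dll\x00CreateRemoteThread\x00WriteProcessMemory\x00"
    b"\x01\x02\x03wininet.dll\x00InternetOpenUrlA\x00"
    b"http://update.example.invalid/check.php?id=\x00"
    b"C:\\Windows\\Temp\\svchosts.exe\x00\x05\x06"
)

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)(/[^\s\x00]*)?")

# API names that, seen together, suggest injection plus download. A starting
# point for the analyst, not proof that the file is malicious.
SUSPICIOUS_APIS = {"CreateRemoteThread", "WriteProcessMemory", "InternetOpenUrlA"}

def file_hash(data: bytes) -> str:
    """Hash first: the cheapest check for whether the file is already known."""
    return hashlib.sha256(data).hexdigest()

def strings(data: bytes, min_len: int = 4):
    """Runs of printable ASCII of at least min_len characters, like the strings tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]

def suspicious_imports(data: bytes):
    return sorted(s for s in strings(data) if s in SUSPICIOUS_APIS)

def network_signature(data: bytes):
    """Reduce an embedded URL to host + URI path, usable in an IDS rule or a proxy-log search."""
    for s in strings(data):
        m = URL_RE.search(s)
        if m:
            return {"host": m.group(1), "uri": (m.group(2) or "/").split("?")[0]}
    return None

if __name__ == "__main__":
    print("sha256:", file_hash(SUSPECT))
    print("strings:", strings(SUSPECT))
    print("suspicious imports:", suspicious_imports(SUSPECT))
    print("network signature:", network_signature(SUSPECT))
```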
• 8. Types of Malware
 Backdoor: Malicious code that installs itself onto a computer to allow the attacker access. Backdoors usually let the attacker connect to the computer with little or no authentication and execute commands on the local system.
 Botnet: Similar to a backdoor, in that it allows the attacker access to the system, but all computers infected with the same botnet receive the same instructions from a single command-and-control server.
 Downloader: Malicious code that exists only to download other malicious code. Downloaders are commonly installed by attackers when they first gain access to a system. The downloader program will download and install additional malicious code.
• 9. Types of Malware
 Information-stealing malware: Malware that collects information from a victim's computer and usually sends it to the attacker. Examples include sniffers, password hash grabbers, and keyloggers. This malware is typically used to gain access to online accounts such as email or online banking.
 Launcher: Malicious program used to launch other malicious programs. Usually, launchers use non-traditional techniques to launch other malicious programs in order to ensure stealth or greater access to a system.
 Rootkit: Malicious code designed to conceal the existence of other code. Rootkits are usually paired with other malware, such as a backdoor, to allow remote access to the attacker and make the code difficult for the victim to detect.
• 10. Types of Malware
 Scareware: Malware designed to frighten an infected user into buying something. It usually has a user interface that makes it look like an antivirus or other security program. It informs users that there is malicious code on their system and that the only way to get rid of it is to buy their software, when in reality, the software it's selling does nothing more than remove the scareware.
 Spam-sending malware: Malware that infects a user's machine and then uses that machine to send spam. This malware generates income for attackers by allowing them to sell spam-sending services.
 Worm or virus: Malicious code that can copy itself and infect additional computers.
• 11. General Rules of Malware Analysis
 Most malware programs are large and complex, and you can't possibly understand every detail.
 First, focus on the key features. When you run into difficult and complex sections, try to get a general overview before you get stuck in the weeds.
 Second, remember that different tools and approaches are available for different jobs. There is no one approach. If you get stuck, don't spend too long on any one issue; move on to something else. Try analyzing the malware from a different angle, or just try a different approach.
 Finally, remember that malware analysis is like a cat-and-mouse game. As new malware analysis techniques are developed, malware authors respond with new techniques to thwart analysis. To succeed as a malware analyst, you must be able to recognize, understand, and defeat these techniques, and respond to changes in the art of malware analysis.