Practical Malware Analysis Intro

The Goal of Malware Analysis

The goal is always to have the information needed to prevent network intrusion. That also means eradicating every copy of the malware from every device on the network. To get there you will, more often than not, be looking into a specific binary that is the linchpin of the whole thing: it is the key to detecting the malware the next time it shows up on the network, and to measuring and containing its damage.

Malware Analysis Techniques

  1. Basic Static & Basic Dynamic Analysis

In the former, you examine the file without running it and decide whether or not it is malicious. In the latter, you watch it run from a safe vantage point and see what it does to your computer.

  2. Advanced Static & Advanced Dynamic Analysis

In advanced static analysis, you look directly at the binary code, which is not human friendly. In advanced dynamic analysis, you watch the code run inside a safe virtual environment under a debugger, where you can see which line of code performs which action.
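The basic static step described above starts with what can be read from the file without running it: its hashes (for lookups and for tracking copies across the network), whether it is a Windows PE at all, and the strings embedded in it. The script below is an added example, not from the book or this post; the sample bytes, the indicator list and all function names are constructed here for illustration.

```python
import hashlib
import re
import struct

# Constructed stand-in for a file read from disk: a minimal MZ/PE skeleton
# with one ASCII string and one UTF-16LE string embedded after the header.
SAMPLE = (
    b"MZ" + b"\x90" * 58 + struct.pack("<I", 0x80)   # e_lfanew at offset 0x3C -> 0x80
    + b"\x00" * (0x80 - 64)
    + b"PE\x00\x00" + b"\x00" * 20
    + b"http://example.invalid/update.bin\x00\x00"
    + "CreateRemoteThread".encode("utf-16-le") + b"\x00\x00"
    + b"\x01\x02\x03"
)

# Substrings worth a second look; a real triage list would be much longer.
SUSPICIOUS = ("CreateRemoteThread", "WriteProcessMemory", "http://", "https://")


def hashes(data):
    """MD5/SHA-1/SHA-256 of the whole file, the usual identifiers for a sample."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def is_pe(data):
    """True if the data has an MZ header whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def strings(data, min_len=6):
    """Printable ASCII runs, then UTF-16LE runs, of at least min_len characters."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in wide_re.finditer(data)]
    return found


def triage(data):
    """One-shot basic static summary: hashes, file type, strings, flagged strings."""
    found = strings(data)
    return {
        "hashes": hashes(data),
        "is_pe": is_pe(data),
        "strings": found,
        "indicators": [s for s in found if any(k in s for k in SUSPICIOUS)],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

Flagged strings are a starting point for the dynamic step, not a verdict: a URL or an injection-related API name tells you what to watch for when the sample is run in the sandbox.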

Types of Malware

To get you up to speed, here’s what you can look for:

While there are various categories, it’s important not to get caught up in the weeds. In any case, malware takes one of two approaches: shotgun or targeted. Shotgunning is when the malware goes after anything and everything it can infect, like scareware. The targeted approach requires more finesse and is directed at a specific company, group of people, or person.

General Malware Analysis Tips

  1. Get an overview of the whole program and what it does
  2. Use different tools if the tool you’re using isn’t cutting it for analysis
  3. This is a cat-and-mouse game; malware authors are always looking for ways to thwart analysis. It is up to you to understand and respond to the many ways malicious code may change.