What is Malware?
Malware is an executable or binary file that has (as the name implies) malicious intent.
Malware is used by intruders to perform a variety of malicious actions, such as:
- Espionage against a target, carried out through data exfiltration
- Data encryption and destruction
Types of Malware
Malware refers to any binary or executable that is malicious; however, malware is further classified by its functionality. Here are the main types of malware:
- Trojans - A type of malware that disguises itself as a legitimate program for social engineering purposes. It can destroy or delete data and can also be used for espionage.
- RATs (Remote Access Trojans) - A type of malware that allows an attacker to access the system and execute commands on it remotely. Its functionality can be extended with modules such as keyloggers.
- Ransomware - A type of malware that encrypts all files on the system and holds the system and its data for ransom.
- Dropper - A type of malware intended to download or drop additional malware.
What is malware analysis?
Malware analysis is the process of analyzing a malware sample or binary and extracting as much information as possible from it. The information we extract helps us to understand the scope of the malware's functionality, how the system was infected by the malware, and how to defend against similar attacks in the future.
Information gained from malware analysis:
- Understand the type of malware and the full range of what it can do (its functionality). Is it a keylogger, a RAT or
- How the system was infected by the malware. Was it a targeted attack or a phishing attack?
- How it communicates with the intruder.
- Extract useful indicators such as registry entries/keys and filenames in order to create signatures that can be used for future detection.
Types of malware analysis:
- Static analysis - The process of analyzing malware without executing it. The goal is to extract as much metadata as possible from the malware, for example strings and headers.
- Dynamic analysis - The process of executing malware and analyzing its functionality and behavior. The goal is to understand exactly how and what the malware does during execution. This is done in a debugger.
- Code analysis - The process of analyzing the malware's code, i.e. reverse engineering. This can be done both statically and dynamically (static and dynamic code analysis).
- Behavioral analysis - The process of analyzing and monitoring malware after execution. It includes monitoring processes, registry entries and network activity to determine what the malware does.
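The static analysis step above (strings and headers) and the earlier point about extracting indicators such as registry keys and filenames to build detection signatures can be illustrated together. The following Python script is an added example, not code from the original page: it builds a constructed byte buffer that stands in for a sample (a minimal MZ/PE header followed by a payload area; none of it is a real binary), pulls out the header fields a first static pass checks, extracts printable strings, sorts them into indicator categories, and evaluates a tiny strings-based signature against them. The `KNOWN_APIS` set and the indicator regexes are assumptions chosen for the example.

```python
import re
import struct

# Constructed stand-in for a malware sample (NOT a real binary): a minimal
# MZ/PE header followed by a payload area holding the kinds of artefacts a
# static pass looks for. Every value below is made up for this example.
SAMPLE = (
    b"MZ" + b"\x90" * 58 + struct.pack("<I", 0x80)   # DOS header; e_lfanew lives at offset 60
    + b"\x00" * (0x80 - 64)                          # pad up to the PE header at 0x80
    + b"PE\x00\x00" + struct.pack("<H", 0x14C)       # PE signature, Machine = IMAGE_FILE_MACHINE_I386
    + b"\x00" * 18                                   # remainder of the 20-byte COFF file header
    + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"   # persistence key
    + b"C:\\Users\\Public\\svchost_update.exe\x00"                 # dropped file path
    + b"http://example.invalid/gate.php\x00"                        # command-and-control URL
    + b"\x01\x02\x03"                                               # non-printable noise
    + b"GetProcAddress\x00"                                         # imported API name
)


def parse_headers(data: bytes) -> dict:
    """Read the few header fields a first static pass checks:
    MZ magic, e_lfanew, the PE signature and the target machine type."""
    info = {"is_pe": False, "pe_offset": None, "machine": None}
    if len(data) < 64 or data[:2] != b"MZ":
        return info
    pe_offset = struct.unpack_from("<I", data, 60)[0]
    info["pe_offset"] = pe_offset
    # Bounds check before touching the PE header: a truncated or hostile
    # file may point e_lfanew past the end of the buffer.
    if pe_offset + 6 > len(data) or data[pe_offset:pe_offset + 4] != b"PE\x00\x00":
        return info
    info["is_pe"] = True
    info["machine"] = struct.unpack_from("<H", data, pe_offset + 4)[0]
    return info


def extract_strings(data: bytes, min_len: int = 5) -> list:
    """Return runs of printable ASCII of at least min_len bytes (what the
    classic `strings` utility does by default)."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


# Assumed indicator patterns for the example; real tooling would use a far
# richer set (YARA rules, import tables, etc.).
INDICATOR_PATTERNS = {
    "registry": re.compile(r"^(HKEY_[A-Z_]+|HKLM|HKCU|Software)\\", re.IGNORECASE),
    "file": re.compile(r"^[A-Za-z]:\\.*\.(exe|dll|bat|ps1|vbs)$", re.IGNORECASE),
    "url": re.compile(r"^https?://", re.IGNORECASE),
}
# Assumed short list of Windows API names worth flagging (all exist in the
# Win32 API; the selection is this example's choice).
KNOWN_APIS = {"GetProcAddress", "LoadLibraryA", "VirtualAlloc",
              "CreateRemoteThread", "WriteProcessMemory"}


def classify_indicators(strings: list) -> dict:
    """Bucket extracted strings into registry keys, file paths, URLs and API names."""
    found = {"registry": [], "file": [], "url": [], "api": []}
    for s in strings:
        if s in KNOWN_APIS:
            found["api"].append(s)
            continue
        for kind, pattern in INDICATOR_PATTERNS.items():
            if pattern.search(s):
                found[kind].append(s)
                break
    return found


def match_signature(strings: list, required: list) -> bool:
    """Minimal strings-based signature: true when every required marker
    appears as a substring of at least one extracted string."""
    return all(any(marker in s for s in strings) for marker in required)


if __name__ == "__main__":
    headers = parse_headers(SAMPLE)
    strings = extract_strings(SAMPLE)
    indicators = classify_indicators(strings)
    print("headers:", headers)
    for kind, items in indicators.items():
        print(f"{kind}: {items}")
    # A signature built from two of the extracted indicators.
    print("signature hit:", match_signature(strings, ["svchost_update.exe", "gate.php"]))
```

The output is the kind of material the "indicators" bullet refers to: the registry path suggests a persistence mechanism, the file path and URL are candidate indicators of compromise, and the API name hints at dynamic import resolution. Static analysis alone cannot confirm that any of these are actually used at runtime, which is why the dynamic and behavioral steps follow it.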