What is malware?
Malware is an executable or binary file that has (as the name implies) malicious intent.
Malware is used by attackers to perform a variety of malicious actions, such as:
- Espionage on the target
- Data exfiltration
- Data encryption and destruction
Malware refers to any binary or executable that is malicious; however, malware is further classified based on its functionality. Here are the different types of malware:
- Trojans - A type of malware that disguises itself as a legitimate program, typically delivered through social engineering. It can destroy or delete data and can also be used for espionage.
- RATs (Remote Access Trojans) - A type of malware that allows an attacker to access the system and execute commands on it remotely. Its functionality can be extended with modules such as keyloggers.
- Ransomware - A type of malware that encrypts the files on the system and holds the system and its data for ransom.
- Dropper - A type of malware designed to download / drop additional malware onto the system.
What is Malware Analysis?
Malware analysis is the process of analyzing a sample of malware / a binary and extracting as much information as possible from it. The information we extract helps us understand the scope of the malware's functionality, how the system was infected, and how to defend against similar attacks in the future.
Malware analysis tells us:
- The type of malware and the full range of what it can do (its functionality). Is it a keylogger, a RAT or
- How the system was infected by the malware. Is it a targeted attack or a cyber attack?
- How it communicates with the attacker.
- Useful indicators such as registry entries / keys and filenames, which can be turned into signatures for detecting the malware in the future.
Types of malware analysis:
- Static analysis - The process of analyzing the malware without executing it. The goal is to extract as much metadata as possible from the malware. Examples: strings, headers.
- Dynamic analysis - The process of executing the malware and analyzing its functionality and behavior. The goal is to understand exactly how the malware works and what it does during execution. This is done in a debugger.
- Code analysis - The process of analyzing / reverse engineering the assembly code. This can be done both statically and dynamically (static and dynamic code analysis).
- Behavioral analysis - The process of monitoring and analyzing the malware after execution. It includes monitoring processes, registry entries and network activity to determine what the malware does.
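As an added illustration of the static-analysis step above (strings and headers) and of turning the extracted strings into indicators for signatures, the following script runs a simple `strings`-style extraction over a small byte buffer and sorts the results into registry keys, file paths, URLs and API names. It is example code written for this page, not a tool from the original text; the byte buffer, the indicator rules and the minimum string length are constructed assumptions, and real samples should only ever be handled in an isolated analysis environment.

```python
import re

# Constructed stand-in for the raw bytes of a suspicious binary (not a real sample).
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"This program cannot be run in DOS mode.\x00"
    + b"kernel32.dll\x00CreateRemoteThread\x00"
    + b"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    + b"C:\\Users\\Public\\svchost32.exe\x00"
    + b"http://example.invalid/beacon\x00"
    + b"ab\x00"  # too short to count as a string
)

MIN_LEN = 4  # assumed minimum length, the same default the `strings` tool uses


def is_pe(data):
    """Header check: every Windows PE file starts with the DOS 'MZ' magic."""
    return data[:2] == b"MZ"


def extract_strings(data, min_len=MIN_LEN):
    """Return runs of printable ASCII at least min_len long, like `strings`."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


# Assumed classification rules; a real triage workflow would use richer ones.
INDICATOR_RULES = {
    "registry_key": re.compile(r"^(HKLM|HKCU|HKEY_[A-Z_]+|SOFTWARE|SYSTEM)\\", re.I),
    "file_path": re.compile(r"^[A-Za-z]:\\"),
    "url": re.compile(r"^https?://", re.I),
    "api_name": re.compile(r"^[A-Z][A-Za-z]+(A|W)?$"),
}


def classify_indicators(strings):
    """Bucket each string under the first rule it matches; others are dropped."""
    found = {kind: [] for kind in INDICATOR_RULES}
    for s in strings:
        for kind, rx in INDICATOR_RULES.items():
            if rx.search(s):
                found[kind].append(s)
                break
    return found


if __name__ == "__main__":
    print("PE header:", is_pe(SAMPLE))
    for kind, values in classify_indicators(extract_strings(SAMPLE)).items():
        print(kind, values)
```

The classified strings are the raw material for signatures: a persistence registry key, a dropped file path and a beacon URL each become a detection indicator, while the API name hints at the capability (here, remote thread creation) that dynamic analysis should confirm.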