Introduction to malware analysis

What is malware?

Malware is an executable or binary which has (as the name suggests) a malicious purpose.

Malware is used by intruders to perform a variety of malicious actions, such as:

  1. Targeted espionage through:
  • RATs
  • Keyloggers
  2. Data exfiltration
  3. Data encryption and destruction

Types of Malware

The term refers to any binary or executable that is malicious; however, malware is further classified into categories based on its functionality. Here are the different types of malware:

  • Trojans - A type of malware that disguises itself as a legitimate program for social engineering purposes. It can destroy and delete data and can also be used for espionage.
  • RATs - A type of malware that allows an attacker to access the system and execute commands on it remotely. Its functionality can be extended with modules such as keyloggers.
  • Ransomware - A type of malware that encrypts all files on the system and holds the system and its data for ransom.
  • Dropper - A type of malware intended to download / drop additional malware.

What is malware analysis?

Malware analysis is the process of analyzing a malware sample / binary and extracting as much information as possible from it. The information we extract helps us understand the scope of the malware's functionality, how the system was infected by the malware, and how to defend against similar attacks in the future.

Malware analysis helps us:

  • Understand the type of malware and the full range of what it can do (its functionality). Is it a keylogger, a RAT or
  • Understand how the system was infected by the malware. Was it a targeted attack or a phishing attack?
  • Understand how it communicates with the intruder.
  • Extract useful indicators such as registry entries / keys and filenames in order to create signatures that can be used for future detection.

Types of malware analysis:

  • Static analysis - The process of analyzing malware without executing it. The goal is to extract as much metadata as possible from the malware, for example strings and headers.
  • Dynamic analysis - The process of executing the malware and analyzing its functionality and behavior. The goal is to understand exactly what the malware does during execution and how. This is done in a debugger.
  • Code analysis - The process of analyzing / reverse engineering the code. This can be done both statically and dynamically (static and dynamic code analysis).
  • Behavioral analysis - The process of monitoring and analyzing the malware after execution. It includes monitoring processes, registry entries and network traffic to determine what the malware does.
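As an added example (not code from the original article), the following Python script shows what the "strings, headers" step of static analysis actually extracts. It runs over a constructed PE-like byte blob built in the script itself, not a real sample; the header offsets follow the PE/COFF format, while the embedded URL, registry key and file name are made-up values.

```python
import re
import struct
from datetime import datetime, timezone

MACHINES = {0x014C: "x86 (I386)", 0x8664: "x64 (AMD64)", 0xAA64: "ARM64"}


def build_sample() -> bytes:
    """Constructed PE-like blob (NOT a real executable) used as the input."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    dos[0x3C:0x40] = struct.pack("<I", 0x80)  # e_lfanew: PE header lives at 0x80
    stub = b"This program cannot be run in DOS mode.\x00".ljust(0x80 - 64, b"\x00")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x8664, 3, 1700000000, 0, 0, 240, 0x0022)
    payload = (b"\x00" * 8 + b"http://example.invalid/beacon\x00"      # made-up C2 URL
               + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"  # persistence key
               + b"\x01\x02\x03" + b"svchost_update.exe\x00" + b"ab\x00")
    return bytes(dos) + stub + b"PE\x00\x00" + coff + payload


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Printable ASCII runs of at least min_len chars, like the `strings` tool."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def parse_pe_header(data: bytes) -> dict:
    """Parse the DOS and COFF headers; raise ValueError if this is not a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    machine, nsect, ts, _, _, _, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "sections": nsect,
        "compiled": datetime.fromtimestamp(ts, tz=timezone.utc).isoformat(),
        "dll": bool(chars & 0x2000),  # IMAGE_FILE_DLL
    }


if __name__ == "__main__":
    sample = build_sample()
    print(parse_pe_header(sample))
    for s in extract_strings(sample):
        print(repr(s))
```

The compile timestamp and machine type are the metadata the article mentions; the URL, registry key and file name are the kind of indicators the "Extract useful indicators" bullet above turns into detection signatures.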

Written by Anastasis Vasileiadis
