Introduction to malware analysis

What is Malware?

Malware is software written with (as the name implies) malicious intent. It is usually an executable or binary file, but a script, a document macro or any other piece of code built to harm a system counts as malware too.

Intruders use malware to perform a variety of malicious actions, such as:

  1. Espionage on the target
  2. Data exfiltration
  3. Data encryption and destruction
  4. Extortion through ransomware

Types of Malware

Malware refers to any binary or executable that is malicious; beyond that, malware is further classified by its functionality. Here are the most common types of malware:

  • Trojans - A type of malware that disguises itself as a legitimate program in order to trick the user into running it (social engineering). Once running it can destroy or steal data and can also be used for espionage.
  • RATs (Remote Access Trojans) - A type of malware that gives the attacker remote access to the system and lets them execute commands on it. Its functionality is often extended with modules such as keyloggers.
  • Ransomware - A type of malware that encrypts the files on the system and holds the system and its data for ransom.
  • Dropper - A type of malware whose job is to install additional malware. Strictly speaking, a dropper carries the payload inside its own file, while a downloader fetches it from a remote server; the two terms are often used interchangeably.

What is malware analysis?

Malware analysis is the process of analyzing a malware sample (binary) and extracting as much information as possible from it. The information we extract helps us understand the scope of the malware's functionality, how the system was infected and how to defend against similar attacks in the future.

What malware analysis tells us:

  • The type of malware and the full range of what it can do (its functionality). Is it a keylogger, a RAT or ...
  • How the system was infected by the malware. Is it a targeted attack or a ...
  • How it communicates with the intruder (its command-and-control channel).
  • Useful indicators such as registry entries / keys and file names, which can be turned into signatures for detecting future infections.
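The indicator extraction described in the last point is usually the first thing done on a sample, before anything is executed. The script below is an added example, not code from the original article: it parses the DOS and COFF headers of a Windows PE file by hand, hashes the file, extracts printable strings and flags the ones that commonly serve as indicators (URLs, IP addresses, registry paths, suspicious imported APIs). The input bytes are constructed inline by build_sample() so the script runs offline; they are not a real sample and not a runnable program, and the API and pattern lists are this example's own choices.

```python
# Added example, not code from the original article: a minimal static triage
# of a Windows PE file. It parses the DOS and COFF headers by hand, hashes the
# file, extracts printable strings and flags strings that commonly act as
# indicators. The input bytes are CONSTRUCTED in build_sample() so the script
# runs offline; they are not a real sample and not a runnable program.
import hashlib
import re
import struct
from datetime import datetime, timezone

# Imports that are common in droppers/RATs. A hit is a lead for the analyst,
# not a verdict: legitimate installers import several of these too.
SUSPICIOUS_APIS = {
    "VirtualAlloc", "WriteProcessMemory", "CreateRemoteThread",
    "URLDownloadToFileA", "InternetOpenUrlA", "RegSetValueExA", "CryptEncrypt",
}
IOC_PATTERNS = {
    "url": re.compile(rb"https?://[\w.\-/]+"),
    "ip": re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "registry": re.compile(rb"(?:HKLM|HKCU|SOFTWARE)\\[\w\\ ]+"),
}
IMAGE_FILE_DLL = 0x2000


def parse_pe_header(data: bytes) -> dict:
    """Read the DOS header, locate the PE signature and parse the COFF header."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file (missing MZ signature)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]      # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    # COFF file header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, timestamp, _, _, _, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    return {
        "machine": hex(machine),                 # 0x14c = x86, 0x8664 = x64
        "sections": nsections,
        "compile_time": datetime.fromtimestamp(timestamp, timezone.utc).isoformat(),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
    }


def extract_strings(data: bytes, min_len: int = 6) -> list:
    """Return printable ASCII runs of at least min_len bytes (like `strings`)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def triage(data: bytes) -> dict:
    """Static triage: hash, header facts, suspicious imports and IOC strings."""
    strings = extract_strings(data)
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "header": parse_pe_header(data),
        "suspicious_apis": sorted(s for s in strings if s in SUSPICIOUS_APIS),
        "iocs": {name: [m.decode("ascii") for m in rx.findall(data)]
                 for name, rx in IOC_PATTERNS.items()},
    }


def build_sample() -> bytes:
    """CONSTRUCTED PE-like blob: DOS header, PE signature, COFF header, strings."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                  # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 1700000000, 0, 0, 0xE0, 0x0102)
    body = (b"\0" * 16
            + b"http://update-check.example/dl/a.bin\0"
            + b"URLDownloadToFileA\0CreateRemoteThread\0"
            + b"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\0"
            + b"10.0.0.5\0")
    return bytes(dos) + b"PE\0\0" + coff + body


if __name__ == "__main__":
    for key, value in triage(build_sample()).items():
        print(f"{key}: {value}")
```

Run it against a real file by replacing build_sample() with the file's bytes. Treat every output as a lead rather than a verdict: packed or obfuscated samples hide their imports and strings, which is exactly why static analysis is followed by dynamic and behavioral analysis.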

Types of malware analysis:

  • Static analysis - The process of analyzing the malware without executing it. The goal is to extract as much metadata as possible from the sample, for example strings, PE headers, imported functions and file hashes.
  • Dynamic analysis - The process of executing the malware and analyzing its functionality and behavior. The goal is to understand exactly what the malware does during execution and how. It must be done in an isolated, instrumented environment (a sandbox or a disposable virtual machine with snapshots), never on a production system.
  • Code analysis - The process of analyzing the code itself, i.e. reverse engineering. It can be done statically (disassembling the binary) or dynamically (stepping through it in a debugger), hence static and dynamic code analysis.
  • Behavioral analysis - The process of analyzing the behavior of the malware after it has been executed. It involves monitoring processes, registry entries and network traffic in order to determine the behavior of the malware.
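Behavioral analysis produces a flood of process, registry, file and network events; the analyst's job is to condense them into the indicators listed earlier (persistence keys, dropped files, command-and-control endpoints). The script below is an added example, not code from the original article or from any monitoring tool: it reads a small constructed event log in a Process-Monitor-like CSV layout (the columns are an assumption of this example, not a real export format) and builds that summary, including a check for a process that borrows a system binary's name while running from a user-writable path.

```python
# Added example, not code from the original article: condensing behavioural
# observations (process creation, registry writes, file writes, network
# connections) into an IOC summary. The log lines are CONSTRUCTED in a
# Process-Monitor-like CSV layout chosen for this example; the columns are
# an assumption, not any tool's real export format.
import csv
import io
from collections import defaultdict

SAMPLE_LOG = """\
time,pid,ppid,process,operation,path,detail
10:00:01.001,3988,1200,explorer.exe,Process Create,C:\\Users\\bob\\Downloads\\invoice.exe,pid=4120
10:00:01.204,4120,3988,invoice.exe,WriteFile,C:\\Users\\bob\\AppData\\Roaming\\svchost.exe,length=114688
10:00:01.310,4120,3988,invoice.exe,RegSetValue,HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater,C:\\Users\\bob\\AppData\\Roaming\\svchost.exe
10:00:01.512,4120,3988,invoice.exe,Process Create,C:\\Users\\bob\\AppData\\Roaming\\svchost.exe,pid=4388
10:00:02.001,4388,4120,svchost.exe,TCP Connect,203.0.113.7:443,
10:00:02.150,4388,4120,svchost.exe,RegSetValue,HKCU\\Software\\Updater\\id,7f3a1c
10:00:03.004,4388,4120,svchost.exe,TCP Connect,203.0.113.7:443,
"""

# Names malware likes to borrow; a copy running outside C:\Windows is suspicious.
SYSTEM_BINARY_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "explorer.exe"}
EXECUTABLE_EXTS = (".exe", ".dll", ".scr", ".ps1", ".vbs", ".js")


def parse_log(text: str) -> list:
    """Parse the CSV event log into dicts with integer pids."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["pid"] = int(row["pid"])
        row["ppid"] = int(row["ppid"])
    return rows


def summarize(text: str) -> dict:
    """Build the IOC summary an analyst wants out of a behavioural run."""
    process_tree = defaultdict(list)   # parent pid -> child image paths
    persistence, dropped, masquerading = [], [], []
    network = defaultdict(int)         # endpoint -> connection count
    for row in parse_log(text):
        op, path, detail = row["operation"], row["path"], row["detail"]
        if op == "Process Create":
            process_tree[row["pid"]].append(path)
            name = path.rsplit("\\", 1)[-1].lower()
            if name in SYSTEM_BINARY_NAMES and not path.lower().startswith("c:\\windows\\"):
                masquerading.append(path)
        elif op == "WriteFile" and path.lower().endswith(EXECUTABLE_EXTS):
            dropped.append(path)                   # payload written to disk
        elif op == "RegSetValue" and "\\currentversion\\run" in path.lower():
            persistence.append((path, detail))     # autostart entry and its payload
        elif op == "TCP Connect":
            network[path] += 1                     # candidate C2 endpoint
    return {
        "process_tree": dict(process_tree),
        "dropped_executables": dropped,
        "persistence": persistence,
        "network": dict(network),
        "masquerading": masquerading,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The same four buckets (process tree, dropped files, persistence, network) are what a sandbox report presents, and each entry in them is a candidate signature for the detection goal described above. Run the sample inside the isolated environment only; this script itself only reads the exported log.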

iGuRu.gr


Written by Anastasis Vasileiadis

