2. An Introduction to Malware Analysis
Shawn Thomas
@Understudy77
• Paranoid and head of the Security
Operations Center at Verizon Media
• Breach consultant in a past life
• Possibly rusty on this topic
• Sucks at Twitter
3. An Introduction to Malware Analysis
Disclaimer
- It's been a while since I've done this every day
- There are many more tools and methodologies than just the ones I will be covering
- This is very much an introduction to some tools and thought processes to look at potentially malicious files
4. An Introduction to Malware Analysis
The Toolset
- Ubuntu 14.04 with Remnux installed
- In Remnux
  - pdfid
  - pdf-parser
  - pdfdetach
  - oletools
- VMware (or VirtualBox to keep it free and open source)
- In our VM
  - Process Explorer
  - Regshot
  - Fiddler/Wireshark
- Cuckoo Sandbox if we have time
5. An Introduction to Malware Analysis
The Setup
- You are a security analyst for the Daily Bugle
- You just received an alert/notification about a suspicious email with an attachment
- You have gotten a copy of the PDF attached to the email for analysis
7. An Introduction to Malware Analysis
Follow-on actions
What can you as a security person do with this information?
8. An Introduction to Malware Analysis
Commands run
- pdfid [filename].pdf
- pdf-parser [filename].pdf | more
- pdfdetach -list [filename].pdf
- pdfdetach -saveall [filename].pdf
- olevba -d [filename].doc | more
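As an added example, not code from the talk or from the pdfid project, here is a small Python script that does what the pdfid step in the list above does: it counts the PDF name keywords that matter at triage time, flags the ones that warrant a closer look, and, like pdfid, normalises names written with #xx hex escapes so that an obfuscated /J#53 is still counted as /JS. The sample document is constructed inline and is not a real malicious file; SAMPLE_PDF, KEYWORDS, scan() and triage() are my own names.

```python
import re
from collections import Counter

# Constructed sample (not a real document): a minimal PDF-like byte string that
# carries the markers a pdfid-style scan looks for. /J#53 is /JS written with a
# hex escape, the kind of name obfuscation pdfid normalises before counting.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /AA << /O 4 0 R >> >> endobj
4 0 obj << /S /JavaScript /J#53 (app.alert('hello')) >> endobj
5 0 obj << /Type /EmbeddedFile /Length 4 >> stream
abcd
endstream
endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Names worth counting at triage time (a subset of what pdfid reports).
KEYWORDS = {b"/JS", b"/JavaScript", b"/OpenAction", b"/AA", b"/Launch",
            b"/EmbeddedFile", b"/RichMedia", b"/ObjStm", b"/XFA"}

# A PDF name: a slash followed by regular characters or #xx hex escapes.
NAME_RE = re.compile(rb"/(?:[^\s/<>\[\]()%#]|#[0-9A-Fa-f]{2})+")


def normalize_name(raw):
    """Decode #xx escapes so that /J#53 compares equal to /JS."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw)


def scan(data):
    """Return (keyword counts, counts that were seen only via hex-escaped names)."""
    counts, obfuscated = Counter(), Counter()
    for m in NAME_RE.finditer(data):
        raw = m.group(0)
        name = normalize_name(raw)
        if name in KEYWORDS:
            key = name.decode()
            counts[key] += 1
            if raw != name:
                obfuscated[key] += 1
    # Object and stream counts help spot a document with a single oversized
    # stream, or far more objects than a one-page letter needs.
    counts["obj"] = len(re.findall(rb"\bobj\b", data))
    counts["stream"] = len(re.findall(rb"\bstream\b", data))
    return counts, obfuscated


def triage(data):
    """Turn the counts into the findings an analyst would act on next."""
    counts, obfuscated = scan(data)
    findings = []
    if counts["/JS"] or counts["/JavaScript"]:
        findings.append("contains JavaScript: dump the object with pdf-parser")
    if counts["/OpenAction"] or counts["/AA"]:
        findings.append("has automatic actions that run on open or on an event")
    if counts["/Launch"]:
        findings.append("can launch an external program")
    if counts["/EmbeddedFile"]:
        findings.append("carries embedded files: list and extract with pdfdetach")
    if obfuscated:
        findings.append("uses hex-escaped names to hide keywords: "
                        + ", ".join(sorted(obfuscated)))
    return counts, obfuscated, findings


if __name__ == "__main__":
    counts, obfuscated, findings = triage(SAMPLE_PDF)
    for key in sorted(counts):
        flag = f" ({obfuscated[key]} obfuscated)" if obfuscated[key] else ""
        print(f"{key:14} {counts[key]}{flag}")
    for finding in findings:
        print("!", finding)
```

Run it as-is to see the counts for the constructed sample, or replace SAMPLE_PDF with the bytes of a file you are examining. The count alone is the cue for the next step in the list: JavaScript or an automatic action means opening the object with pdf-parser, and an /EmbeddedFile count means the pdfdetach -list and -saveall steps.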
9. An Introduction to Malware Analysis
Links (aka the take-a-picture slides)
- virustotal.com
- urlvoid.com
- ipvoid.com
- http://irma.quarkslab.com/
- https://www.joesecurity.org/joe-sandbox-cloud
- malwr.com
- https://zeltser.com/reverse-engineering-malicious-code-tips/
- https://zeltser.com/build-malware-analysis-toolkit/
- https://digital-forensics.sans.org/blog/2010/11/12/get-started-with-malware-analysis/
Books
- Malware Analyst's Cookbook
- Practical Reverse Engineering
10. An Introduction to Malware Analysis
Links TO LIVE MALWARE (use at own risk)
- http://contagiodump.blogspot.com/
- http://dasmalwerk.eu/
- https://malshare.com/
- http://thezoo.morirt.com/
- http://openmalware.org/
- https://virusshare.com/
- https://zeltser.com/malware-sample-sources/
11. An Introduction to Malware Analysis
Questions, Thoughts, Comments, Concerns, Gripes?