A comparison of tools for malware analysis

  1. A COMPARISON OF TOOLS FOR MALWARE ANALYSIS. Tiziana Spata, tizianaspata@yahoo.it, Università degli Studi di Catania, Dipartimento di Matematica e Informatica
  2. Malware is everywhere...
  3. Malware Analysis. Goals: program understanding; preventing malware attacks. Two approaches: Static Analysis and Dynamic Analysis.
  4. Static Analysis. It is performed without executing the program:
     • Disassemble the malware
     • Control flow or data flow analysis: provides a great deal of information on how the malware functions
  5. IDA Pro. The Interactive Disassembler Professional is a product of Hex-Rays. It is a recursive descent disassembler, which classifies instructions as:
     • Sequential flow instructions
     • Conditional branching instructions
     • Unconditional branching instructions
     • Function call instructions
     • Return instructions
  6. Dynamic Analysis. It is performed by executing the program in a real or virtual environment.
     • Black box analysis: "what you see is all you get"
     • White box analysis: it is different from static analysis!
  7. Wireshark. It is a free and open-source packet analyzer. Most network interfaces can be put in "promiscuous mode", in which they supply to the host all network packets they see.
  8. oSpy. It is a packet sniffing tool which aids in reverse-engineering software running on the Windows platform. The sniffing is done at the API level, which allows a much more fine-grained view of what is going on.
  9. Process Monitor. It is an advanced monitoring tool for Windows that shows real-time file system, registry and process/thread activity. Process Monitor includes powerful monitoring and filtering capabilities:
     • File system
     • Registry
     • Process
     • Network
     • Profiling
  10. OllyDbg. It is a debugger that traces registers, recognizes procedures, API calls... It has a friendly interface, and its functionality can be extended by third-party plugins.
  11. Conclusions. A good analysis of malware can be made thanks to the combination of several tools that implement techniques of static and dynamic analysis. Thanks for your attention!
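Slide 5 names the five instruction classes a recursive descent disassembler such as IDA Pro distinguishes, but does not show why that matters. The following is an added teaching example, not code from the slides or from Hex-Rays: it defines a constructed six-opcode ISA (an assumption, not x86) and contrasts recursive descent, which follows control flow and therefore skips a data byte hidden after an unconditional jump, with a naive linear sweep that misdecodes that byte and loses the real call behind it.

```python
from collections import deque

# Constructed teaching ISA (an assumption, not x86): opcode -> (mnemonic, length, class).
ISA = {0x00: ("nop", 1, "seq"), 0x10: ("mov", 2, "seq"), 0x20: ("jz", 2, "cond"),
       0x30: ("jmp", 2, "uncond"), 0x40: ("call", 2, "call"), 0x50: ("ret", 1, "ret")}

def decode(code, addr):
    """Decode the instruction at addr -> (mnemonic, length, class, target); None for data."""
    if addr >= len(code) or code[addr] not in ISA or addr + ISA[code[addr]][1] > len(code):
        return None
    mnem, length, cls = ISA[code[addr]]
    # Branch-type operand: signed 8-bit displacement relative to the next instruction.
    target = (addr + length + int.from_bytes(code[addr + 1:addr + 2], "little", signed=True)
              if cls in ("cond", "uncond", "call") else None)
    return mnem, length, cls, target

def recursive_descent(code, entry=0):
    """Decode only bytes reachable from entry by following control flow (IDA's strategy)."""
    listing, work, seen = {}, deque([entry]), set()
    while work:
        addr = work.popleft()
        if addr in seen or (ins := decode(code, addr)) is None:
            continue                      # already decoded, or data/invalid: stop this path
        seen.add(addr)
        mnem, length, cls, target = ins
        listing[addr] = mnem
        if cls not in ("ret", "uncond"):
            work.append(addr + length)    # fall-through successor (a call's return site)
        if target is not None:
            work.append(target)           # conditional, unconditional or call target
    return listing

def linear_sweep(code):
    """Decode every byte in address order, as a naive disassembler would."""
    listing, addr = {}, 0
    while addr < len(code):
        ins = decode(code, addr)
        if ins:
            listing[addr] = ins[0]
        addr += ins[1] if ins else 1      # unknown byte: skip it and keep sweeping
    return listing

# Constructed sample program: a data byte sits at address 6, right after an unconditional jump.
PROGRAM = bytes([0x10, 0x05,   # 0: mov 5           (seq: continue at 2)
                 0x20, 0x03,   # 2: jz  +3 -> 7     (cond: follow 4 and 7)
                 0x30, 0x01,   # 4: jmp +1 -> 7     (uncond: follow 7 only, never 6)
                 0x40,         # 6: data byte that happens to equal the "call" opcode
                 0x40, 0x01,   # 7: call +1 -> 10   (call: follow 9 and 10)
                 0x50,         # 9: ret             (ret: stop)
                 0x00, 0x50])  # 10: nop; 11: ret
```

Comparing `recursive_descent(PROGRAM)` with `linear_sweep(PROGRAM)` shows the sweep reporting a bogus `call` at address 6 and never reaching the genuine one at 7, while the control-flow walk lists exactly addresses 0, 2, 4, 7, 9, 10 and 11.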
