SlideShare a Scribd company logo

Introduction To Malware Analysis.pptx

Download as PPTX, PDF
T
TrngTun36

Malware

Software
1 of 6
Malware Analysis Bootcamp Learning Malware Analysis The Right Way
What is Malware? ● Malware is an executable or a binary that is malicious in nature. ● Malware is used by attackers to perform a variety of malicious actions like: ○ Spying on the target through: ■ RAT’s ■ Keyloggers ○ Data Exfiltration ○ Data encryption and destruction ■ Ransomware
Types Of Malware Malware refers to any binary or executable that is malicious, however Malware is sorted in to further denominations based on its functionality. Here are the various types of Malware: ● Trojans - Type of malware that disguises itself as a legitimate program for social engineering purposes. It can destroy and exfiltrate data and can also be used for spying. ● RAT’s - Type of malware that allows the attacker to remotely access and execute commands on the system. It’s functionality can be extended with modules like keyloggers. ● Ransomware - Type of malware that encrypts all files on the system and holds the system and its data for ransom. ● Dropper - Type of malware whose purpose is to download/drop additional malware.
What Is Malware Analysis? Malware analysis is the process of analyzing a malware sample/binary and extracting as much information as possible from it. The information we extract helps us understand the scope of the functionality of the Malware, how the system was infected with the malware and how to defend against similar attacks in the future. Objectives of malware analysis: ● To understand the type of malware and the entire scope of what it can do (functionality). Is it a Keylogger, RAT or Ransomware. ● How the system was infected with the malware. Is it a targeted attack or a phishing attack? ● How it communicates with the attacker. ● To exfiltrate useful indicators like registry entries/keys and filenames for the purpose generating signatures that can be used to detect future detection.
Types Of Malware Analysis ● Static analysis - Is the process of analyzing malware without executing or running it. The objective is to extract as much metadata from the malware as possible. Example; strings, PE headers. ● Dynamic analysis - Is the process of executing malware and analyzing it’s functionality and behaviour. The objective is to understand exactly how and what the malware does during the execution. This is done in a debugger. ● Code Analysis - Is the process of analyzing/reverse engineering assembly code. This can be both statically and dynamically done (Static and dynamic code analysis) ● Behavioural analysis - Is the process of analyzing and monitoring the malware after execution. It involves monitoring the processes, registry entries and network monitoring to determine the workings of the malware.
Next up: Setting up our environment

Recommended

Practical Incident Response - Work Guide
Practical Incident Response - Work GuidePractical Incident Response - Work Guide
Practical Incident Response - Work Guide
Eduardo Chavarro
 
What Are The Types of Malware? Must Read
What Are The Types of Malware? Must ReadWhat Are The Types of Malware? Must Read
What Are The Types of Malware? Must Read
Bytecode Security
 
Introduction to Malware analysis
Introduction to Malware analysis Introduction to Malware analysis
Introduction to Malware analysis
HusseinMuhaisen
 
Malware Analysis
Malware AnalysisMalware Analysis
Malware Analysis
faris707
 
Malware forensic
Malware forensicMalware forensic
Malware forensic
SumeraHangi
 
CHAPTER 1 MALWARE ANALYSIS PRIMER.pdf
CHAPTER 1 MALWARE ANALYSIS PRIMER.pdfCHAPTER 1 MALWARE ANALYSIS PRIMER.pdf
CHAPTER 1 MALWARE ANALYSIS PRIMER.pdf
ManjuAppukuttan2
 
Chapter 1 malware analysis primer
Chapter 1 malware analysis primerChapter 1 malware analysis primer
Chapter 1 malware analysis primer
ManjuA8
 
CHAPTER 1 MALWARE ANALYSIS PRIMER.ppt
CHAPTER 1 MALWARE ANALYSIS PRIMER.pptCHAPTER 1 MALWARE ANALYSIS PRIMER.ppt
CHAPTER 1 MALWARE ANALYSIS PRIMER.ppt
ManjuAppukuttan2
 

Recommended

Practical Incident Response - Work Guide
Practical Incident Response - Work GuidePractical Incident Response - Work Guide
Practical Incident Response - Work Guide
Eduardo Chavarro
 
What Are The Types of Malware? Must Read
What Are The Types of Malware? Must ReadWhat Are The Types of Malware? Must Read
What Are The Types of Malware? Must Read
Bytecode Security
 
Introduction to Malware analysis
Introduction to Malware analysis Introduction to Malware analysis
Introduction to Malware analysis
HusseinMuhaisen
 
Malware Analysis
Malware AnalysisMalware Analysis
Malware Analysis
faris707
 
Malware forensic
Malware forensicMalware forensic
Malware forensic
SumeraHangi
 
CHAPTER 1 MALWARE ANALYSIS PRIMER.pdf
CHAPTER 1 MALWARE ANALYSIS PRIMER.pdfCHAPTER 1 MALWARE ANALYSIS PRIMER.pdf
CHAPTER 1 MALWARE ANALYSIS PRIMER.pdf
ManjuAppukuttan2
 
Chapter 1 malware analysis primer
Chapter 1 malware analysis primerChapter 1 malware analysis primer
Chapter 1 malware analysis primer
ManjuA8
 
CHAPTER 1 MALWARE ANALYSIS PRIMER.ppt
CHAPTER 1 MALWARE ANALYSIS PRIMER.pptCHAPTER 1 MALWARE ANALYSIS PRIMER.ppt
CHAPTER 1 MALWARE ANALYSIS PRIMER.ppt
ManjuAppukuttan2
 
Survey on Malware Detection Techniques
Survey on Malware Detection TechniquesSurvey on Malware Detection Techniques
Survey on Malware Detection Techniques
Editor IJMTER
 
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and Analysis
Prashant Chopra
 
CH1- Introduction to malware analysis-v2.pdf
CH1- Introduction to malware analysis-v2.pdfCH1- Introduction to malware analysis-v2.pdf
CH1- Introduction to malware analysis-v2.pdf
WajdiElhamzi3
 
Module 5.Malware
Module 5.MalwareModule 5.Malware
Module 5.Malware
Sitamarhi Institute of Technology
 
Module 5.pdf
Module 5.pdfModule 5.pdf
Module 5.pdf
Sitamarhi Institute of Technology
 
Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques
Akash Karwande
 
ETHICAL HACKING
ETHICAL HACKINGETHICAL HACKING
ETHICAL HACKING
Sweta Leena Panda
 
M1-02-HowCriminalsPlan.pdf
M1-02-HowCriminalsPlan.pdfM1-02-HowCriminalsPlan.pdf
M1-02-HowCriminalsPlan.pdf
Shylesh BC
 
Poly-meta-morphic malware looks different each time it is stored on di.docx
Poly-meta-morphic malware looks different each time it is stored on di.docxPoly-meta-morphic malware looks different each time it is stored on di.docx
Poly-meta-morphic malware looks different each time it is stored on di.docx
rtodd884
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
himanshujoshi238
 
Basics of Network Security
Basics of Network SecurityBasics of Network Security
Basics of Network Security
Dushyant Singh
 
Computer Viruses & Management Strategies
Computer Viruses & Management Strategies Computer Viruses & Management Strategies
Computer Viruses & Management Strategies
Dasun Hegoda
 
Pentesting Tools to Find Bugs Before Hackers | CyberPro Magazine
Pentesting Tools to Find Bugs Before Hackers | CyberPro MagazinePentesting Tools to Find Bugs Before Hackers | CyberPro Magazine
Pentesting Tools to Find Bugs Before Hackers | CyberPro Magazine
cyberprosocial
 
Metasploit
MetasploitMetasploit
Metasploit
Parth Sahu
 
What is Remote Administration Tools (RAT).pdf
What is Remote Administration Tools (RAT).pdfWhat is Remote Administration Tools (RAT).pdf
What is Remote Administration Tools (RAT).pdf
uzair
 
HackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware AnalysisHackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware Analysis
Antonio Parata
 
Cyber Defense Forensic Analyst - Real World Hands-on Examples
Cyber Defense Forensic Analyst - Real World Hands-on ExamplesCyber Defense Forensic Analyst - Real World Hands-on Examples
Cyber Defense Forensic Analyst - Real World Hands-on Examples
Sandeep Kumar Seeram
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for Beginners
SKMohamedKasim
 
Malware analysis, threat intelligence and reverse engineering
Malware analysis, threat intelligence and reverse engineeringMalware analysis, threat intelligence and reverse engineering
Malware analysis, threat intelligence and reverse engineering
bartblaze
 
Web hacking 1.0
Web hacking 1.0Web hacking 1.0
Web hacking 1.0
Q Fadlan
 
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public AdministrationWSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
WSO2
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 

More Related Content

Similar to Introduction To Malware Analysis.pptx

Poly-meta-morphic malware looks different each time it is stored on di.docx
Poly-meta-morphic malware looks different each time it is stored on di.docxPoly-meta-morphic malware looks different each time it is stored on di.docx
Poly-meta-morphic malware looks different each time it is stored on di.docx
rtodd884
 
What is Remote Administration Tools (RAT).pdf
What is Remote Administration Tools (RAT).pdfWhat is Remote Administration Tools (RAT).pdf
What is Remote Administration Tools (RAT).pdf
uzair
 

Similar to Introduction To Malware Analysis.pptx (20)

Survey on Malware Detection Techniques
Survey on Malware Detection TechniquesSurvey on Malware Detection Techniques
Survey on Malware Detection Techniques
 
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and Analysis
 
CH1- Introduction to malware analysis-v2.pdf
CH1- Introduction to malware analysis-v2.pdfCH1- Introduction to malware analysis-v2.pdf
CH1- Introduction to malware analysis-v2.pdf
 
Module 5.Malware
Module 5.MalwareModule 5.Malware
Module 5.Malware
 
Module 5.pdf
Module 5.pdfModule 5.pdf
Module 5.pdf
 
Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques
 
ETHICAL HACKING
ETHICAL HACKINGETHICAL HACKING
ETHICAL HACKING
 
M1-02-HowCriminalsPlan.pdf
M1-02-HowCriminalsPlan.pdfM1-02-HowCriminalsPlan.pdf
M1-02-HowCriminalsPlan.pdf
 
Poly-meta-morphic malware looks different each time it is stored on di.docx
Poly-meta-morphic malware looks different each time it is stored on di.docxPoly-meta-morphic malware looks different each time it is stored on di.docx
Poly-meta-morphic malware looks different each time it is stored on di.docx
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
 
Basics of Network Security
Basics of Network SecurityBasics of Network Security
Basics of Network Security
 
Computer Viruses & Management Strategies
Computer Viruses & Management Strategies Computer Viruses & Management Strategies
Computer Viruses & Management Strategies
 
Pentesting Tools to Find Bugs Before Hackers | CyberPro Magazine
Pentesting Tools to Find Bugs Before Hackers | CyberPro MagazinePentesting Tools to Find Bugs Before Hackers | CyberPro Magazine
Pentesting Tools to Find Bugs Before Hackers | CyberPro Magazine
 
Metasploit
MetasploitMetasploit
Metasploit
 
What is Remote Administration Tools (RAT).pdf
What is Remote Administration Tools (RAT).pdfWhat is Remote Administration Tools (RAT).pdf
What is Remote Administration Tools (RAT).pdf
 
HackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware AnalysisHackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware Analysis
 
Cyber Defense Forensic Analyst - Real World Hands-on Examples
Cyber Defense Forensic Analyst - Real World Hands-on ExamplesCyber Defense Forensic Analyst - Real World Hands-on Examples
Cyber Defense Forensic Analyst - Real World Hands-on Examples
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for Beginners
 
Malware analysis, threat intelligence and reverse engineering
Malware analysis, threat intelligence and reverse engineeringMalware analysis, threat intelligence and reverse engineering
Malware analysis, threat intelligence and reverse engineering
 
Web hacking 1.0
Web hacking 1.0Web hacking 1.0
Web hacking 1.0
 

Recently uploaded

Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the Situation
Juha-Pekka Tolvanen
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
Papp Krisztián
 

Recently uploaded (20)

WSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public AdministrationWSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
WSO2CON2024 - Why Should You Consider Ballerina for Your Next Integration
WSO2CON2024 - Why Should You Consider Ballerina for Your Next IntegrationWSO2CON2024 - Why Should You Consider Ballerina for Your Next Integration
WSO2CON2024 - Why Should You Consider Ballerina for Your Next Integration
 
WSO2Con2024 - Low-Code Integration Tooling
WSO2Con2024 - Low-Code Integration ToolingWSO2Con2024 - Low-Code Integration Tooling
WSO2Con2024 - Low-Code Integration Tooling
 
WSO2Con2024 - Navigating the Digital Landscape: Transforming Healthcare with ...
WSO2Con2024 - Navigating the Digital Landscape: Transforming Healthcare with ...WSO2Con2024 - Navigating the Digital Landscape: Transforming Healthcare with ...
WSO2Con2024 - Navigating the Digital Landscape: Transforming Healthcare with ...
 
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of TransformationWSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
 
WSO2Con2024 - GitOps in Action: Navigating Application Deployment in the Plat...
WSO2Con2024 - GitOps in Action: Navigating Application Deployment in the Plat...WSO2Con2024 - GitOps in Action: Navigating Application Deployment in the Plat...
WSO2Con2024 - GitOps in Action: Navigating Application Deployment in the Plat...
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the Situation
 
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
 
WSO2Con2024 - Software Delivery in Hybrid Environments
WSO2Con2024 - Software Delivery in Hybrid EnvironmentsWSO2Con2024 - Software Delivery in Hybrid Environments
WSO2Con2024 - Software Delivery in Hybrid Environments
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...
WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...
WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 
WSO2Con2024 - Simplified Integration: Unveiling the Latest Features in WSO2 L...
WSO2Con2024 - Simplified Integration: Unveiling the Latest Features in WSO2 L...WSO2Con2024 - Simplified Integration: Unveiling the Latest Features in WSO2 L...
WSO2Con2024 - Simplified Integration: Unveiling the Latest Features in WSO2 L...
 

Introduction To Malware Analysis.pptx

  • 1. Malware Analysis Bootcamp Learning Malware Analysis The Right Way
  • 2. What is Malware? ● Malware is an executable or a binary that is malicious in nature. ● Malware is used by attackers to perform a variety of malicious actions like: ○ Spying on the target through: ■ RAT’s ■ Keyloggers ○ Data Exfiltration ○ Data encryption and destruction ■ Ransomware
  • 3. Types Of Malware Malware refers to any binary or executable that is malicious, however Malware is sorted in to further denominations based on its functionality. Here are the various types of Malware: ● Trojans - Type of malware that disguises itself as a legitimate program for social engineering purposes. It can destroy and exfiltrate data and can also be used for spying. ● RAT’s - Type of malware that allows the attacker to remotely access and execute commands on the system. It’s functionality can be extended with modules like keyloggers. ● Ransomware - Type of malware that encrypts all files on the system and holds the system and its data for ransom. ● Dropper - Type of malware whose purpose is to download/drop additional malware.
  • 4. What Is Malware Analysis? Malware analysis is the process of analyzing a malware sample/binary and extracting as much information as possible from it. The information we extract helps us understand the scope of the functionality of the Malware, how the system was infected with the malware and how to defend against similar attacks in the future. Objectives of malware analysis: ● To understand the type of malware and the entire scope of what it can do (functionality). Is it a Keylogger, RAT or Ransomware. ● How the system was infected with the malware. Is it a targeted attack or a phishing attack? ● How it communicates with the attacker. ● To exfiltrate useful indicators like registry entries/keys and filenames for the purpose generating signatures that can be used to detect future detection.
  • 5. Types Of Malware Analysis ● Static analysis - Is the process of analyzing malware without executing or running it. The objective is to extract as much metadata from the malware as possible. Example; strings, PE headers. ● Dynamic analysis - Is the process of executing malware and analyzing it’s functionality and behaviour. The objective is to understand exactly how and what the malware does during the execution. This is done in a debugger. ● Code Analysis - Is the process of analyzing/reverse engineering assembly code. This can be both statically and dynamically done (Static and dynamic code analysis) ● Behavioural analysis - Is the process of analyzing and monitoring the malware after execution. It involves monitoring the processes, registry entries and network monitoring to determine the workings of the malware.
  • 6. Next up: Setting up our environment