Automatic Malware Analysis 2008-09-19

How to automatically analyze potential malware using free services. Original broadcast date: 2008-09-19

Published in: Technology, Education

  1. Automatic Malware Analysis
     • Michael Boman, Security Guy, Sweden
     • http://michaelboman.org
  2. Agenda
     • Scenario
     • Solutions
     • Questions & Answers
  3. Scenario
     • Want to determine if a suspect file is malicious
  4. Solutions
     • Scan it with one or more anti-malware products
     • Run it in a virtual/air-gapped system
       • Both approaches require an infrastructure (a system with the required tools, plus knowledge), which most organizations don't have readily available
  5. VirusTotal
     • Scans uploaded files with 39 different antivirus engines at once
  6. CWSandBox
     • Runs the uploaded file in a virtual Windows environment
     • Tracks
       • File and Registry operations
       • Program execution
       • Network operations
  7. Norman Sandbox
     • Runs the uploaded file in a virtual Windows environment
     • Tracks
       • File and Registry operations
       • Program execution
       • Network operations
  8. Questions & Answers
  9. Thank you!
