Chapter 1
Malware Analysis Primer
Outline
 The Goals of Malware Analysis
 Malware Analysis Techniques
 Types of Malware
 General Rules for Malware Analysis
The Goals of Malware Analysis
 The purpose of malware analysis is usually to provide the information you need to respond
to a network intrusion.
 Your goals will typically be to determine exactly what happened, and to ensure that you’ve
located all infected machines and files.
 When analyzing suspected malware, your goal will typically be to determine exactly what a
particular suspect binary can do, how to detect it on your network, and how to measure and
contain its damage.
 Once you identify which files require full analysis, it’s time to develop signatures to detect
malware infections on your network.
 Host-based signatures, or indicators, are used to detect malicious code on victim
computers. These indicators often identify files created or modified by the malware or
specific changes that it makes to the registry. Unlike antivirus signatures, malware indicators
focus on what the malware does to a system, not on the characteristics of the malware
itself, which makes them more effective in detecting malware that changes form or that has
been deleted from the hard disk.
 Network signatures are used to detect malicious code by monitoring network traffic.
Network signatures can be created without malware analysis, but signatures created with the
help of malware analysis are usually far more effective, offering a higher detection rate and
fewer false positives.
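The difference between an antivirus signature and a host-based indicator, worked through as an added example (this is not code from the book or the slides): a file-hash signature for a hypothetical dropper, two host-based indicators derived from what that dropper does when it runs, and a network signature for its beacon, all checked across a small fleet. The sample bytes, paths, registry values, HTTP requests, and host names are constructed for the example.

```python
import fnmatch
import hashlib
import re

# Constructed sample bytes standing in for two builds of a hypothetical dropper.
# Build 2 differs by one byte: enough to defeat a file-hash signature.
DROPPER_V1 = b"MZ\x90\x00" + b"hypothetical dropper build 1" + b"\x00" * 32
DROPPER_V2 = DROPPER_V1[:-1] + b"\x90"

# Antivirus-style signature: a property of the file itself.
AV_SIGNATURE_SHA256 = hashlib.sha256(DROPPER_V1).hexdigest()

# Host-based indicators: what the dropper does to a system when it runs
# (assumed behaviour, as basic dynamic analysis would have recorded it).
FILE_INDICATORS = [r"c:\users\*\appdata\roaming\msupdate\svchosts.exe"]
RUN_KEY = r"hkcu\software\microsoft\windows\currentversion\run"
REGISTRY_INDICATORS = [(RUN_KEY, "msupdate")]

# Network signature: the beacon's request line and User-Agent (hypothetical
# values), matched against a reassembled HTTP request.
NETWORK_SIGNATURE = re.compile(
    r"^GET /gate\.php\?id=[0-9a-f]{16} HTTP/1\.1\r\n"
    r"(?:[^\r\n]+\r\n)*?User-Agent: Mozilla/4\.0 \(compatible; MSIE 6\.0; Windows NT 5\.1\)\r\n"
)


def av_hash_match(host: dict) -> bool:
    """Does any file on the host hash to the known-bad value?"""
    return any(hashlib.sha256(data).hexdigest() == AV_SIGNATURE_SHA256
               for data in host["files"].values())


def host_indicator_match(host: dict) -> list:
    """Look for the artifacts the malware leaves behind, whatever the binary now looks like."""
    hits = []
    for path in host["files"]:
        if any(fnmatch.fnmatchcase(path.lower(), pat) for pat in FILE_INDICATORS):
            hits.append(f"file {path}")
    for key, value_name in REGISTRY_INDICATORS:
        if value_name in host["registry"].get(key, {}):
            hits.append(f"registry {key}\\{value_name}")
    return hits


def network_signature_match(request: bytes) -> bool:
    """Does a reassembled HTTP request look like the beacon?"""
    return NETWORK_SIGNATURE.search(request.decode("latin-1")) is not None


def sweep(hosts: dict) -> dict:
    """Run both host checks across a fleet; returns per-host results."""
    return {name: {"av_hash": av_hash_match(h), "host_indicators": host_indicator_match(h)}
            for name, h in hosts.items()}


# Constructed fleet: file contents and registry values per host.
DROP_PATH = r"C:\Users\alice\AppData\Roaming\MSUpdate\svchosts.exe"
PERSISTENCE = {RUN_KEY: {"msupdate": DROP_PATH}}
HOSTS = {
    "ws01": {"files": {DROP_PATH: DROPPER_V1}, "registry": PERSISTENCE},   # the build the AV signature knows
    "ws02": {"files": {DROP_PATH: DROPPER_V2}, "registry": PERSISTENCE},   # re-packed build, same behaviour
    "ws03": {"files": {}, "registry": PERSISTENCE},                        # dropper deleted itself, Run key remains
    "ws04": {"files": {r"C:\Windows\notepad.exe": b"MZ\x90\x00notepad"},   # clean
             "registry": {RUN_KEY: {"onedrive": r"C:\Program Files\OneDrive\OneDrive.exe"}}},
}

# Constructed traffic: one beacon, one ordinary browser request.
BEACON = (b"GET /gate.php?id=3f9c2a1b7e5d4c60 HTTP/1.1\r\nHost: 203.0.113.10\r\n"
          b"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n\r\n")
BENIGN = (b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
          b"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)\r\n\r\n")

if __name__ == "__main__":
    for name, result in sweep(HOSTS).items():
        print(name, result)
    print("beacon:", network_signature_match(BEACON), "benign:", network_signature_match(BENIGN))
```

Only ws01 trips the hash signature. The re-packed build on ws02 and the self-deleted dropper on ws03 both still trip the host-based indicators, which is the point the slide makes: the indicators describe the infection, not the bytes of the binary. The network signature is anchored on the request shape rather than on a server address so it keeps matching when the C2 moves.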
Malware Analysis Techniques
 There are two fundamental approaches to malware analysis:
o static and
o dynamic.
 Static analysis involves examining the malware without running it.
 Dynamic analysis involves running the malware.
 Both techniques are further categorized as basic or advanced.
 Basic Static Analysis:
o Examines the executable file without viewing the actual instructions.
o Can confirm whether a file is malicious, provide information about its functionality, and
sometimes provide information that will allow you to produce simple network
signatures.
o Straightforward and can be quick, but it’s largely ineffective against sophisticated
malware, and it can miss important behaviors.
 Basic Dynamic Analysis:
o Involves running the malware and observing its behavior on the system in order to
remove the infection, produce effective signatures, or both.
o However, before you can run malware safely, you must set up an environment that will
allow you to study the running malware without risk of damage to your system or
network.
o Basic dynamic analysis techniques can be used by most people without deep
programming knowledge, but they won’t be effective with all malware and can miss
important functionality.
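Basic static analysis as a script, added here as an example and not code from the book or the slides: it hashes the file, walks the PE headers to the section table, pulls printable strings, and applies three common packing heuristics (packer section names, an executable section whose virtual size far exceeds its raw size, and high entropy). The build_pe helper assembles minimal PE32 images so the script runs offline; those images are constructed test data rather than real programs, and the packer name list and thresholds are illustrative assumptions.

```python
import hashlib
import math
import re
import struct

# Section names that common packers leave behind (an illustrative list, not a database).
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".petite", ".MPRESS1", ".MPRESS2"}
IMAGE_SCN_MEM_EXECUTE = 0x20000000


def extract_strings(data: bytes, min_len: int = 5) -> list:
    """Printable ASCII runs of at least min_len bytes, like the `strings` tool."""
    return [m.group().decode("ascii") for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: compressed or encrypted data sits near 8.0, ordinary code well below."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(data: bytes) -> list:
    """Walk DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size                      # section table follows the optional header
    sections = []
    for i in range(nsections):
        name, vsize, _, raw_size, raw_ptr, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "virtual_size": vsize,
                         "raw_size": raw_size, "executable": bool(chars & IMAGE_SCN_MEM_EXECUTE),
                         "entropy": shannon_entropy(data[raw_ptr:raw_ptr + raw_size])})
    return sections


def triage(data: bytes) -> dict:
    """Basic static triage: hash, section table, strings, and three packing heuristics."""
    sections = parse_sections(data)
    reasons = []
    for s in sections:
        if s["name"] in PACKER_SECTION_NAMES:
            reasons.append(f"{s['name']}: section name used by a known packer")
        # An executable section needing far more memory than it occupies on disk is
        # where an unpacking stub writes the decompressed code; .bss-style data
        # sections are excluded by the executable check.
        if s["executable"] and s["virtual_size"] > 4 * max(s["raw_size"], 0x200):
            reasons.append(f"{s['name']}: virtual size {s['virtual_size']:#x} far exceeds raw size {s['raw_size']:#x}")
        if s["entropy"] > 7.0:
            reasons.append(f"{s['name']}: entropy {s['entropy']:.2f}, compressed or encrypted")
    return {"sha256": hashlib.sha256(data).hexdigest(), "sections": sections,
            "strings": extract_strings(data), "likely_packed": bool(reasons), "reasons": reasons}


# --- Constructed test images: minimal PE32 layouts, not runnable programs ---
def build_pe(sections: list) -> bytes:
    """Assemble a PE32 file from (name, virtual_size, raw_bytes, characteristics) tuples."""
    opt_size, align = 0xE0, 0x200
    first_raw = (0x40 + 4 + 20 + opt_size + 40 * len(sections) + align - 1) & ~(align - 1)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                         # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                           # PE32 magic
    table, body, raw_ptr, vaddr = b"", b"", first_raw, 0x1000
    for name, vsize, raw, chars in sections:
        raw_size = (len(raw) + align - 1) & ~(align - 1)
        table += struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, raw_size, raw_ptr, 0, 0, 0, 0, chars)
        body += raw.ljust(raw_size, b"\0")
        raw_ptr += raw_size
        vaddr += (max(vsize, raw_size) + 0xFFF) & ~0xFFF
    header = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    return header.ljust(first_raw, b"\0") + body


CLEAN_TEXT = (b"\x55\x8b\xec\x83\xec\x10" * 8 + b"http://c2.example.invalid/gate.php\0"
              + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\0")
CLEAN_SAMPLE = build_pe([(b".text", len(CLEAN_TEXT), CLEAN_TEXT, 0x60000020)])
HIGH_ENTROPY = bytes(range(256)) * 16            # 4096 bytes, every value equally often: 8.0 bits
PACKED_SAMPLE = build_pe([(b"UPX0", 0x20000, b"", 0xE0000080),
                          (b"UPX1", len(HIGH_ENTROPY), HIGH_ENTROPY, 0xE0000040)])

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SAMPLE), ("packed", PACKED_SAMPLE)):
        report = triage(sample)
        print(label, report["sha256"][:16], report["likely_packed"], report["reasons"])
        print("  strings:", report["strings"][:4])
```

The unpacked image gives up a URL and a Run key path straight from its strings, which is the kind of result the slide says can feed a simple signature. The packed image gives up nothing useful: its strings are compression noise and the section table is the only evidence, which is exactly why basic static analysis stalls on sophisticated samples and the analysis has to move on to dynamic or advanced techniques.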
 Advanced Static Analysis:
o Consists of reverse-engineering the malware’s internals by loading the executable into a
disassembler and looking at the program instructions in order to discover what the
program does.
o The instructions are executed by the CPU, so advanced static analysis tells you exactly
what the program does.
o It has a steeper learning curve than basic static analysis and requires specialized
knowledge of disassembly, code constructs, and Windows operating system concepts.
 Advanced Dynamic Analysis:
o Uses a debugger to examine the internal state of a running malicious executable.
o Provides another way to extract detailed information from an executable.
o These techniques are most useful when you’re trying to obtain information that is
difficult to gather with the other techniques.
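The snapshot-run-snapshot loop behind the basic dynamic analysis bullets above, as an added example that is not code from the book or the slides: hash every file in the sandbox before and after the sample runs, do the same for the registry, and diff the two to get the created, modified and deleted artifacts that become host-based indicators. The fake_sample_run function stands in for executing the sample and is constructed behaviour for a hypothetical dropper; the registry is modelled as a dictionary because there is no registry to read outside Windows, and the noise prefixes are an assumption standing in for a real baseline.

```python
import hashlib
import tempfile
from pathlib import Path

# Paths that churn on their own (logs, caches) and would drown the diff in noise;
# a real list comes from a baseline run of the sandbox with no sample.
NOISE_PREFIXES = ("logs/", "cache/")


def snapshot_tree(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to the SHA-256 of its contents."""
    snap = {}
    for path in root.rglob("*"):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            if not rel.startswith(NOISE_PREFIXES):
                snap[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return snap


def snapshot_registry(registry: dict) -> dict:
    """Flatten {key: {value_name: data}} to {key\\value_name: data} so it diffs like a tree."""
    return {f"{key}\\{name}": data for key, values in registry.items() for name, data in values.items()}


def diff_snapshots(before: dict, after: dict) -> dict:
    """Regshot-style comparison: what appeared, what changed, what vanished."""
    common = before.keys() & after.keys()
    return {"created": sorted(after.keys() - before.keys()),
            "modified": sorted(k for k in common if before[k] != after[k]),
            "deleted": sorted(before.keys() - after.keys())}


def fake_sample_run(root: Path, registry: dict) -> None:
    """Stands in for executing the sample inside the sandbox. This is constructed
    behaviour for a hypothetical dropper, not a real binary: it copies itself under
    AppData, rewrites the hosts file, removes its installer, adds a Run value, and
    also touches a log file that the noise filter should hide."""
    drop = root / "Users/alice/AppData/Roaming/MSUpdate/svchosts.exe"
    drop.parent.mkdir(parents=True)
    drop.write_bytes(b"MZ\x90\x00hypothetical dropper")
    (root / "Windows/System32/drivers/etc/hosts").write_text("127.0.0.1 update.example.invalid\n")
    (root / "Users/alice/Downloads/invoice.exe").unlink()
    (root / "logs/app.log").write_text("started\nexited\n")
    run_key = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
    registry.setdefault(run_key, {})["MSUpdate"] = r"C:\Users\alice\AppData\Roaming\MSUpdate\svchosts.exe"


def analyze() -> dict:
    """Snapshot, run, snapshot again, diff: the loop behind basic dynamic analysis."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed baseline filesystem and registry for the sandbox.
        baseline = {"Windows/System32/drivers/etc/hosts": "# localhost entries\n",
                    "Users/alice/Downloads/invoice.exe": "MZ",
                    "logs/app.log": "started\n"}
        for rel, content in baseline.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(content)
        registry = {r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run":
                    {"OneDrive": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe"}}

        fs_before, reg_before = snapshot_tree(root), snapshot_registry(registry)
        fake_sample_run(root, registry)
        fs_after, reg_after = snapshot_tree(root), snapshot_registry(registry)

    return {"files": diff_snapshots(fs_before, fs_after),
            "registry": diff_snapshots(reg_before, reg_after)}


if __name__ == "__main__":
    for kind, changes in analyze().items():
        for action, items in changes.items():
            for item in items:
                print(f"{kind:8} {action:8} {item}")
```

The diff is only as trustworthy as the sandbox: it has to be isolated from the production network before the sample runs, and the noise list has to come from a control run on the same image, or every temp file the operating system writes shows up as a finding. The approach also only records what the sample chose to do during that one run, which is the "can miss important functionality" caveat from the slide.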
Types of Malware
 Backdoor: Malicious code that installs itself onto a computer to allow the attacker access.
Backdoors usually let the attacker connect to the computer with little or no authentication
and execute commands on the local system.
 Botnet: Similar to a backdoor, in that it allows the attacker access to the system, but all
computers infected with the same botnet receive the same instructions from a single
command-and-control server.
 Downloader: Malicious code that exists only to download other malicious code.
Downloaders are commonly installed by attackers when they first gain access to a system.
The downloader program will download and install additional malicious code.
 Information-stealing malware: Malware that collects information from a victim’s
computer and usually sends it to the attacker. Examples include sniffers, password hash
grabbers, and keyloggers. This malware is typically used to gain access to online accounts
such as email or online banking.
 Launcher: Malicious program used to launch other malicious programs. Usually, launchers
use non-traditional techniques to launch other malicious programs in order to ensure stealth
or greater access to a system.
 Rootkit: Malicious code designed to conceal the existence of other code. Rootkits are
usually paired with other malware, such as a backdoor, to allow remote access to the attacker
and make the code difficult for the victim to detect.
 Scareware: Malware designed to frighten an infected user into buying something. It usually
has a user interface that makes it look like an antivirus or other security program. It informs
users that there is malicious code on their system and that the only way to get rid of it is to
buy their “software,” when in reality, the software it’s selling does nothing more than remove
the scareware.
 Spam-sending malware: Malware that infects a user’s machine and then uses that machine
to send spam. This malware generates income for attackers by allowing them to sell spam-
sending services.
 Worm or virus: Malicious code that can copy itself and infect additional computers.
General Rules for Malware Analysis
 Most malware programs are large and complex, and you can’t possibly understand every
detail. First, focus on the key features. When you run into difficult and complex sections, try
to get a general overview before you get stuck in the weeds.
 Second, remember that different tools and approaches are available for different jobs. There
is no one approach. If you get stuck, don’t spend too long on any one issue; move on to
something else. Try analyzing the malware from a different angle, or just try a different
approach.
 Finally, remember that malware analysis is like a cat-and-mouse game. As new malware
analysis techniques are developed, malware authors respond with new techniques to thwart
analysis. To succeed as a malware analyst, you must be able to recognize, understand, and
defeat these techniques, and respond to changes in the art of malware analysis.

More Related Content

What's hot

Malware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyMalware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyOPSWAT
 
Malicious software
Malicious softwareMalicious software
Malicious softwareCAS
 
Information Security (Malicious Software)
Information Security (Malicious Software)Information Security (Malicious Software)
Information Security (Malicious Software)Zara Nawaz
 
Virus and malware presentation
Virus and malware presentationVirus and malware presentation
Virus and malware presentationAmjad Bhutto
 
Viruses & security threats
Viruses & security threatsViruses & security threats
Viruses & security threatswardjo
 
Types of malicious software and remedies
Types of malicious software and remediesTypes of malicious software and remedies
Types of malicious software and remediesManish Kumar
 
Survey on Malware Detection Techniques
Survey on Malware Detection TechniquesSurvey on Malware Detection Techniques
Survey on Malware Detection TechniquesEditor IJMTER
 
Antivirus - Virus detection and removal methods
Antivirus - Virus detection and removal methodsAntivirus - Virus detection and removal methods
Antivirus - Virus detection and removal methodsSomanath Kavalase
 
Malwares and ways to detect and prevent them
Malwares and ways to detect and prevent themMalwares and ways to detect and prevent them
Malwares and ways to detect and prevent themkrunal gandhi
 
Counter Measures Of Virus
Counter Measures Of VirusCounter Measures Of Virus
Counter Measures Of Virusshusrusha
 
How To Protect From Malware
How To Protect From MalwareHow To Protect From Malware
How To Protect From MalwareINFONAUTICS GmbH
 
Malicious software
Malicious softwareMalicious software
Malicious softwaremsdeepika
 
Malicious Software Identification
Malicious Software IdentificationMalicious Software Identification
Malicious Software Identificationsandeep shergill
 
Malicious software and software security
Malicious software and software  securityMalicious software and software  security
Malicious software and software securityG Prachi
 

What's hot (20)

Malewareanalysis
Malewareanalysis Malewareanalysis
Malewareanalysis
 
Anti Virus Software
Anti Virus SoftwareAnti Virus Software
Anti Virus Software
 
Malware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyMalware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny Czarny
 
Malicious software
Malicious softwareMalicious software
Malicious software
 
Information Security (Malicious Software)
Information Security (Malicious Software)Information Security (Malicious Software)
Information Security (Malicious Software)
 
Virus and malware presentation
Virus and malware presentationVirus and malware presentation
Virus and malware presentation
 
Malicious
MaliciousMalicious
Malicious
 
Viruses & security threats
Viruses & security threatsViruses & security threats
Viruses & security threats
 
Network security and viruses
Network security and virusesNetwork security and viruses
Network security and viruses
 
Types of malicious software and remedies
Types of malicious software and remediesTypes of malicious software and remedies
Types of malicious software and remedies
 
Survey on Malware Detection Techniques
Survey on Malware Detection TechniquesSurvey on Malware Detection Techniques
Survey on Malware Detection Techniques
 
Antivirus - Virus detection and removal methods
Antivirus - Virus detection and removal methodsAntivirus - Virus detection and removal methods
Antivirus - Virus detection and removal methods
 
Malwares and ways to detect and prevent them
Malwares and ways to detect and prevent themMalwares and ways to detect and prevent them
Malwares and ways to detect and prevent them
 
Counter Measures Of Virus
Counter Measures Of VirusCounter Measures Of Virus
Counter Measures Of Virus
 
Malicious software
Malicious softwareMalicious software
Malicious software
 
How To Protect From Malware
How To Protect From MalwareHow To Protect From Malware
How To Protect From Malware
 
Malicious software
Malicious softwareMalicious software
Malicious software
 
Malware
MalwareMalware
Malware
 
Malicious Software Identification
Malicious Software IdentificationMalicious Software Identification
Malicious Software Identification
 
Malicious software and software security
Malicious software and software  securityMalicious software and software  security
Malicious software and software security
 

Similar to Chapter 1 malware analysis primer

CHAPTER 1 MALWARE ANALYSIS PRIMER.ppt
CHAPTER 1 MALWARE ANALYSIS PRIMER.pptCHAPTER 1 MALWARE ANALYSIS PRIMER.ppt
CHAPTER 1 MALWARE ANALYSIS PRIMER.pptManjuAppukuttan2
 
CHAPTER 1 MALWARE ANALYSIS PRIMER.pdf
CHAPTER 1 MALWARE ANALYSIS PRIMER.pdfCHAPTER 1 MALWARE ANALYSIS PRIMER.pdf
CHAPTER 1 MALWARE ANALYSIS PRIMER.pdfManjuAppukuttan2
 
Cyber Defense Forensic Analyst - Real World Hands-on Examples
Cyber Defense Forensic Analyst - Real World Hands-on ExamplesCyber Defense Forensic Analyst - Real World Hands-on Examples
Cyber Defense Forensic Analyst - Real World Hands-on ExamplesSandeep Kumar Seeram
 
Malware Protection Week5Part4-IS Revision Fall2013 .docx
Malware Protection  Week5Part4-IS Revision Fall2013 .docxMalware Protection  Week5Part4-IS Revision Fall2013 .docx
Malware Protection Week5Part4-IS Revision Fall2013 .docxinfantsuk
 
Identifying, Monitoring, and Reporting Malware
Identifying, Monitoring, and Reporting MalwareIdentifying, Monitoring, and Reporting Malware
Identifying, Monitoring, and Reporting MalwareTeodoro Cipresso
 
Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types  !Type of Malware and its different analysis and its types  !
Type of Malware and its different analysis and its types !Mohammed Jaseem Tp
 
Poly-meta-morphic malware looks different each time it is stored on di.docx
Poly-meta-morphic malware looks different each time it is stored on di.docxPoly-meta-morphic malware looks different each time it is stored on di.docx
Poly-meta-morphic malware looks different each time it is stored on di.docxrtodd884
 
Zero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic AnalysisZero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic AnalysisAhmed Banafa
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious CodeSatria Ady Pradana
 
CH1- Introduction to malware analysis-v2.pdf
CH1- Introduction to malware analysis-v2.pdfCH1- Introduction to malware analysis-v2.pdf
CH1- Introduction to malware analysis-v2.pdfWajdiElhamzi3
 
Presentation2
Presentation2Presentation2
Presentation2Jeslynn
 
malwareanti-malware-160630191004 (1).pdf
malwareanti-malware-160630191004 (1).pdfmalwareanti-malware-160630191004 (1).pdf
malwareanti-malware-160630191004 (1).pdfitsamuamit11
 
Malware & Anti-Malware
Malware & Anti-MalwareMalware & Anti-Malware
Malware & Anti-MalwareArpit Mittal
 
Viruses & Malware: Effects On Enterprise Networks
Viruses & Malware: Effects On Enterprise NetworksViruses & Malware: Effects On Enterprise Networks
Viruses & Malware: Effects On Enterprise NetworksDiane M. Metcalf
 
Presentation_malware_anti_malware.pptx
Presentation_malware_anti_malware.pptxPresentation_malware_anti_malware.pptx
Presentation_malware_anti_malware.pptxitsamuamit11
 
Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)Satria Ady Pradana
 
Practical Incident Response - Work Guide
Practical Incident Response - Work GuidePractical Incident Response - Work Guide
Practical Incident Response - Work GuideEduardo Chavarro
 

Similar to Chapter 1 malware analysis primer (20)

CHAPTER 1 MALWARE ANALYSIS PRIMER.ppt
CHAPTER 1 MALWARE ANALYSIS PRIMER.pptCHAPTER 1 MALWARE ANALYSIS PRIMER.ppt
CHAPTER 1 MALWARE ANALYSIS PRIMER.ppt
 
CHAPTER 1 MALWARE ANALYSIS PRIMER.pdf
CHAPTER 1 MALWARE ANALYSIS PRIMER.pdfCHAPTER 1 MALWARE ANALYSIS PRIMER.pdf
CHAPTER 1 MALWARE ANALYSIS PRIMER.pdf
 
Module 5.pdf
Module 5.pdfModule 5.pdf
Module 5.pdf
 
Module 5.Malware
Module 5.MalwareModule 5.Malware
Module 5.Malware
 
Cyber Defense Forensic Analyst - Real World Hands-on Examples
Cyber Defense Forensic Analyst - Real World Hands-on ExamplesCyber Defense Forensic Analyst - Real World Hands-on Examples
Cyber Defense Forensic Analyst - Real World Hands-on Examples
 
Malware Protection Week5Part4-IS Revision Fall2013 .docx
Malware Protection  Week5Part4-IS Revision Fall2013 .docxMalware Protection  Week5Part4-IS Revision Fall2013 .docx
Malware Protection Week5Part4-IS Revision Fall2013 .docx
 
Identifying, Monitoring, and Reporting Malware
Identifying, Monitoring, and Reporting MalwareIdentifying, Monitoring, and Reporting Malware
Identifying, Monitoring, and Reporting Malware
 
Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types  !Type of Malware and its different analysis and its types  !
Type of Malware and its different analysis and its types !
 
Poly-meta-morphic malware looks different each time it is stored on di.docx
Poly-meta-morphic malware looks different each time it is stored on di.docxPoly-meta-morphic malware looks different each time it is stored on di.docx
Poly-meta-morphic malware looks different each time it is stored on di.docx
 
Zero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic AnalysisZero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic Analysis
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code
 
CH1- Introduction to malware analysis-v2.pdf
CH1- Introduction to malware analysis-v2.pdfCH1- Introduction to malware analysis-v2.pdf
CH1- Introduction to malware analysis-v2.pdf
 
Presentation2
Presentation2Presentation2
Presentation2
 
malwareanti-malware-160630191004 (1).pdf
malwareanti-malware-160630191004 (1).pdfmalwareanti-malware-160630191004 (1).pdf
malwareanti-malware-160630191004 (1).pdf
 
Malware & Anti-Malware
Malware & Anti-MalwareMalware & Anti-Malware
Malware & Anti-Malware
 
Viruses & Malware: Effects On Enterprise Networks
Viruses & Malware: Effects On Enterprise NetworksViruses & Malware: Effects On Enterprise Networks
Viruses & Malware: Effects On Enterprise Networks
 
Presentation_malware_anti_malware.pptx
Presentation_malware_anti_malware.pptxPresentation_malware_anti_malware.pptx
Presentation_malware_anti_malware.pptx
 
Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)Malware: To The Realm of Malicious Code (Training)
Malware: To The Realm of Malicious Code (Training)
 
Practical Incident Response - Work Guide
Practical Incident Response - Work GuidePractical Incident Response - Work Guide
Practical Incident Response - Work Guide
 
Computer virus
Computer virusComputer virus
Computer virus
 

Recently uploaded

Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...roncy bisnoi
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxupamatechverse
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...Soham Mondal
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Christo Ananth
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...ranjana rawat
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130Suhani Kapoor
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Suman Mia
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordAsst.prof M.Gokilavani
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSRajkumarAkumalla
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...ranjana rawat
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Call Girls in Nagpur High Profile
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxupamatechverse
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college projectTonystark477637
 

Recently uploaded (20)

Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptx
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptx
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college project
 

Chapter 1 malware analysis primer

  • 2. Outline  The Goals of Malware Analysis  Malware Analysis Techniques  Types of Malware  General Rules for Malware Analysis
  • 3. The Goals of Malware Analysis  The purpose of malware analysis is usually to provide the information you need to respond to a network intrusion.  Your goals will typically be to determine exactly what happened, and to ensure that you’ve located all infected machines and files.  When analyzing suspected malware, your goal will typically be to determine exactly what a particular suspect binary can do, how to detect it on your network, and how to measure and contain its damage.  Once you identify which files require full analysis, it’s time to develop signatures to detect malware infections on your network.
  • 4. The Goals of Malware Analysis  Host-based signatures, or indicators, are used to detect malicious code on victim computers. These indicators often identify files created or modified by the malware or specific changes that it makes to the registry. Unlike antivirus signatures, malware indicators focus on what the malware does to a system, not on the characteristics of the malware itself, which makes them more effective in detecting malware that changes form or that has been deleted from the hard disk.  Network signatures are used to detect malicious code by monitoring network traffic. Network signatures can be created without malware analysis, but signatures created with the help of malware analysis are usually far more effective, offering a higher detection rate and fewer false positives.
  • 5. Malware Analysis Techniques  There are two fundamental approaches to malware analysis: o static and o dynamic.  Static analysis involves examining the malware without running it.  Dynamic analysis involves running the malware.
  • 6. Malware Analysis Techniques  Both techniques are further categorized as basic or advanced.  Basic Static Analysis: o Examining the executable file without viewing the actual instructions. o Confirm whether a file is malicious, provide information about its functionality, and sometimes provide information that will allow you to produce simple network signatures. o Straightforward and can be quick, but it’s largely ineffective against sophisticated malware, and it can miss important behaviors.  Basic Dynamic Analysis: o Involve running the malware and observing its behavior on the system in order to remove the infection, produce effective signatures, or both. o However, before you can run malware safely, you must set up an environment that will allow you to study the running malware without risk of damage to your system or network. o Basic dynamic analysis techniques can be used by most people without deep programming knowledge, but they won’t be effective with all malware and can miss important functionality.
Malware Analysis Techniques
 Advanced Static Analysis:
o Consists of reverse-engineering the malware’s internals by loading the executable into a disassembler and looking at the program instructions in order to discover what the program does.
o The instructions are what the CPU executes, so advanced static analysis tells you exactly what the program does.
o It has a steeper learning curve than basic static analysis and requires specialized knowledge of disassembly, code constructs, and Windows operating system concepts.
 Advanced Dynamic Analysis:
o Uses a debugger to examine the internal state of a running malicious executable.
o Provides another way to extract detailed information from an executable.
o These techniques are most useful when you’re trying to obtain information that is difficult to gather with the other techniques.
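The basic dynamic step from the earlier slide (run the sample, observe what it does to the system), as an added example that is not code from the slides or the book: snapshot the files and registry values before detonation, snapshot again afterwards, and diff the two, which is the approach tools such as Regshot take and which yields the host-based indicators the chapter opens with. The snapshots below are constructed for the example; snapshot_files() shows how the file half is gathered on a real analysis VM. The sample must only ever be run inside an isolated environment, as the slide says.

```python
"""Before/after snapshot diff for basic dynamic analysis.
Added example; the FILES_* and REG_* snapshots below are constructed."""
import hashlib
import os

# Paths that change on their own on Windows and only add noise to the diff (example list).
NOISE_PREFIXES = ("C:\\Windows\\Prefetch\\", "C:\\Windows\\Temp\\")


def snapshot_files(root: str) -> dict:
    """Map every file under root to its SHA-256; take one before and one after the run."""
    snap = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    snap[path] = hashlib.sha256(fh.read()).hexdigest()
            except OSError:  # locked, or removed between listing and read
                continue
    return snap


def diff_snapshots(before: dict, after: dict) -> dict:
    """Keys only in `after`, only in `before`, or present in both with a changed value."""
    return {
        "created": sorted(k for k in after if k not in before),
        "deleted": sorted(k for k in before if k not in after),
        "modified": sorted(k for k in after if k in before and after[k] != before[k]),
    }


def host_indicators(files_before: dict, files_after: dict,
                    reg_before: dict, reg_after: dict) -> list:
    """Turn the file and registry diffs into host-based indicators, dropping known noise."""
    files = diff_snapshots(files_before, files_after)
    reg = diff_snapshots(reg_before, reg_after)
    found = []
    for path in files["created"] + files["modified"]:
        if not path.startswith(NOISE_PREFIXES):
            found.append(("file", path))
    for key in reg["created"] + reg["modified"]:
        found.append(("registry", key, reg_after[key]))
    return found


# Constructed snapshots standing in for a real before/after run on an analysis VM.
FILES_BEFORE = {
    "C:\\Windows\\System32\\kernel32.dll": "hash-k32",
    "C:\\Windows\\System32\\drivers\\etc\\hosts": "hash-hosts-clean",
}
FILES_AFTER = {
    "C:\\Windows\\System32\\kernel32.dll": "hash-k32",
    "C:\\Windows\\System32\\drivers\\etc\\hosts": "hash-hosts-edited",
    "C:\\Users\\analyst\\AppData\\Roaming\\svchost.exe": "hash-dropped",
    "C:\\Windows\\Prefetch\\SVCHOST.EXE-1A2B3C4D.pf": "hash-pf",
}
REG_BEFORE = {
    "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive":
        "C:\\Users\\analyst\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe",
}
REG_AFTER = {
    **REG_BEFORE,
    "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater":
        "C:\\Users\\analyst\\AppData\\Roaming\\svchost.exe",
}


if __name__ == "__main__":
    for indicator in host_indicators(FILES_BEFORE, FILES_AFTER, REG_BEFORE, REG_AFTER):
        print(indicator)
```

The dropped file under AppData and the Run value pointing at it are the indicators to keep; the Prefetch entry is the system's own reaction to running anything and is filtered out. A sample that checks for a virtualised environment and stays idle produces an empty diff, which is one way basic dynamic analysis can miss important functionality.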
Types of Malware
 Backdoor: Malicious code that installs itself onto a computer to allow the attacker access. Backdoors usually let the attacker connect to the computer with little or no authentication and execute commands on the local system.
 Botnet: Similar to a backdoor, in that it allows the attacker access to the system, but all computers infected with the same botnet receive the same instructions from a single command-and-control server.
 Downloader: Malicious code that exists only to download other malicious code. Downloaders are commonly installed by attackers when they first gain access to a system. The downloader program will download and install additional malicious code.
 Information-stealing malware: Malware that collects information from a victim’s computer and usually sends it to the attacker. Examples include sniffers, password hash grabbers, and keyloggers. This malware is typically used to gain access to online accounts such as email or online banking.
 Launcher: Malicious program used to launch other malicious programs. Usually, launchers use non-traditional techniques to launch other malicious programs in order to ensure stealth or greater access to a system.
 Rootkit: Malicious code designed to conceal the existence of other code. Rootkits are usually paired with other malware, such as a backdoor, to allow remote access to the attacker and make the code difficult for the victim to detect.
 Scareware: Malware designed to frighten an infected user into buying something. It usually has a user interface that makes it look like an antivirus or other security program. It informs users that there is malicious code on their system and that the only way to get rid of it is to buy their “software,” when in reality, the software it’s selling does nothing more than remove the scareware.
 Spam-sending malware: Malware that infects a user’s machine and then uses that machine to send spam. This malware generates income for attackers by allowing them to sell spam-sending services.
 Worm or virus: Malicious code that can copy itself and infect additional computers.
General Rules of Malware Analysis
 Most malware programs are large and complex, and you can’t possibly understand every detail. First, focus on the key features. When you run into difficult and complex sections, try to get a general overview before you get stuck in the weeds.
 Second, remember that different tools and approaches are available for different jobs. There is no one approach. If you get stuck, don’t spend too long on any one issue; move on to something else. Try analyzing the malware from a different angle, or just try a different approach.
 Finally, remember that malware analysis is like a cat-and-mouse game. As new malware analysis techniques are developed, malware authors respond with new techniques to thwart analysis. To succeed as a malware analyst, you must be able to recognize, understand, and defeat these techniques, and respond to changes in the art of malware analysis.