SlideShare a Scribd company logo

Sorting Out The Trash

Download as PPT, PDF
F
frisksoftware

Presented at the International Antivirus Testing Workshop 2007 by Michael St. Neitzel, Senior Antivirus Architect, FRISK Software

Technology
1 of 19
Sorting out the malware trash Michael St. Neitzel, Mike@f-prot.com Out of Section IAT striped Invalid Opcode Corrupted Header Compiler Source Non-malicious Reference Non-Viral Commented Out
 
Why to sort out the trash ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],You collect trash at home, you remove it, so do it here too!
Essential tools ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Essential knowledge ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The Rules ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Let’s get started: Bring it on ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The Trial & Error Approach ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Problems with Trial & Error ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The Disassembling Approach ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The Live Example
 
 
Let’s see what happens
What should be sorted out? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The goal for automatism ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The flexible solution ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
How to do that in praxis? ,[object Object],[object Object]
Thank you for your attention ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Recommended

Active Testing
Active TestingActive Testing
Active Testingfrisksoftware
 
Building & Leveraging White Database for Antivirus Testing
Building & Leveraging White Database for Antivirus TestingBuilding & Leveraging White Database for Antivirus Testing
Building & Leveraging White Database for Antivirus Testingfrisksoftware
 
Test Strategies & Common Mistakes
Test Strategies & Common MistakesTest Strategies & Common Mistakes
Test Strategies & Common Mistakesfrisksoftware
 
The Difference between Track and Testing Performance
The Difference between Track and Testing PerformanceThe Difference between Track and Testing Performance
The Difference between Track and Testing Performancefrisksoftware
 
The VTC experience
The VTC experienceThe VTC experience
The VTC experiencefrisksoftware
 
Maintaining a Malware Collection
Maintaining a Malware CollectionMaintaining a Malware Collection
Maintaining a Malware Collectionfrisksoftware
 
Testing Heuristic Detections
Testing Heuristic DetectionsTesting Heuristic Detections
Testing Heuristic Detectionsfrisksoftware
 
Fighting advanced malware using machine learning (English)
Fighting advanced malware using machine learning (English)Fighting advanced malware using machine learning (English)
Fighting advanced malware using machine learning (English)FFRI, Inc.
 

Recommended

Active Testing
Active TestingActive Testing
Active Testingfrisksoftware
 
Building & Leveraging White Database for Antivirus Testing
Building & Leveraging White Database for Antivirus TestingBuilding & Leveraging White Database for Antivirus Testing
Building & Leveraging White Database for Antivirus Testingfrisksoftware
 
Test Strategies & Common Mistakes
Test Strategies & Common MistakesTest Strategies & Common Mistakes
Test Strategies & Common Mistakesfrisksoftware
 
The Difference between Track and Testing Performance
The Difference between Track and Testing PerformanceThe Difference between Track and Testing Performance
The Difference between Track and Testing Performancefrisksoftware
 
The VTC experience
The VTC experienceThe VTC experience
The VTC experiencefrisksoftware
 
Maintaining a Malware Collection
Maintaining a Malware CollectionMaintaining a Malware Collection
Maintaining a Malware Collectionfrisksoftware
 
Testing Heuristic Detections
Testing Heuristic DetectionsTesting Heuristic Detections
Testing Heuristic Detectionsfrisksoftware
 
Fighting advanced malware using machine learning (English)
Fighting advanced malware using machine learning (English)Fighting advanced malware using machine learning (English)
Fighting advanced malware using machine learning (English)FFRI, Inc.
 
Machine Learning for Malware Classification and Clustering
Machine Learning for Malware Classification and ClusteringMachine Learning for Malware Classification and Clustering
Machine Learning for Malware Classification and ClusteringAshwini Almad
 
Tricorder: Diagnose and heal your software (without science fiction)
Tricorder: Diagnose and heal your software (without science fiction)Tricorder: Diagnose and heal your software (without science fiction)
Tricorder: Diagnose and heal your software (without science fiction)Davide Tampellini
 
Whittaker How To Break Software Security - SoftTest Ireland
Whittaker How To Break Software Security - SoftTest IrelandWhittaker How To Break Software Security - SoftTest Ireland
Whittaker How To Break Software Security - SoftTest IrelandDavid O'Dowd
 
An Introduction to Malware Classification
An Introduction to Malware ClassificationAn Introduction to Malware Classification
An Introduction to Malware ClassificationJohn Seymour
 
Anti-Virus Evasion Techniques and Countermeasures
Anti-Virus Evasion Techniques and CountermeasuresAnti-Virus Evasion Techniques and Countermeasures
Anti-Virus Evasion Techniques and Countermeasuresn|u - The Open Security Community
 
Secure lab setup for cyber security
Secure lab setup for cyber securitySecure lab setup for cyber security
Secure lab setup for cyber securityBirju Tank
 
Automatic Malware Analysis 2008-09-19
Automatic Malware Analysis 2008-09-19Automatic Malware Analysis 2008-09-19
Automatic Malware Analysis 2008-09-19Michael Boman
 
Measuring the Actual Security that Vendors Provide to Customers
Measuring the Actual Security that Vendors Provide to CustomersMeasuring the Actual Security that Vendors Provide to Customers
Measuring the Actual Security that Vendors Provide to CustomersAnthony Arrott
 
Penetration testing tools and phases
Penetration testing tools and phasesPenetration testing tools and phases
Penetration testing tools and phasesTestingXperts
 
Automating networksecurityassessment
Automating networksecurityassessmentAutomating networksecurityassessment
Automating networksecurityassessmentGlib Pakharenko
 
The Future of Automated Malware Generation
The Future of Automated Malware GenerationThe Future of Automated Malware Generation
The Future of Automated Malware GenerationStephan Chenette
 
Cyber Defense Forensic Analyst - Real World Hands-on Examples
Cyber Defense Forensic Analyst - Real World Hands-on ExamplesCyber Defense Forensic Analyst - Real World Hands-on Examples
Cyber Defense Forensic Analyst - Real World Hands-on ExamplesSandeep Kumar Seeram
 
Watchtowers of the Internet - Source Boston 2012
Watchtowers of the Internet - Source Boston 2012Watchtowers of the Internet - Source Boston 2012
Watchtowers of the Internet - Source Boston 2012Stephan Chenette
 
Including security in devops
Including security in devopsIncluding security in devops
Including security in devopsJérémy Matos
 
Ten Tools for Security Professionals
Ten Tools for Security ProfessionalsTen Tools for Security Professionals
Ten Tools for Security ProfessionalsMcGrewSecurity
 
Chapter 8
Chapter 8Chapter 8
Chapter 8gofortution
 
Bug Finding - K.K.Mookhey
Bug Finding - K.K.MookheyBug Finding - K.K.Mookhey
Bug Finding - K.K.Mookheyamiable_indian
 
Data mining techniques for malware detection.pptx
Data mining techniques for malware detection.pptxData mining techniques for malware detection.pptx
Data mining techniques for malware detection.pptxAditya Deshmukh
 
Semantics aware malware detection ppt
Semantics aware malware detection pptSemantics aware malware detection ppt
Semantics aware malware detection pptManish Yadav
 
Hack through Injections
Hack through InjectionsHack through Injections
Hack through InjectionsNazar Tymoshyk, CEH, Ph.D.
 
Showing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
Showing How Security Has (And Hasn't) Improved, After Ten Years Of TryingShowing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
Showing How Security Has (And Hasn't) Improved, After Ten Years Of TryingDan Kaminsky
 
Performance Analysis of Idle Programs
Performance Analysis of Idle ProgramsPerformance Analysis of Idle Programs
Performance Analysis of Idle Programsgreenwop
 

More Related Content

What's hot

Machine Learning for Malware Classification and Clustering
Machine Learning for Malware Classification and ClusteringMachine Learning for Malware Classification and Clustering
Machine Learning for Malware Classification and ClusteringAshwini Almad
 
Tricorder: Diagnose and heal your software (without science fiction)
Tricorder: Diagnose and heal your software (without science fiction)Tricorder: Diagnose and heal your software (without science fiction)
Tricorder: Diagnose and heal your software (without science fiction)Davide Tampellini
 
Whittaker How To Break Software Security - SoftTest Ireland
Whittaker How To Break Software Security - SoftTest IrelandWhittaker How To Break Software Security - SoftTest Ireland
Whittaker How To Break Software Security - SoftTest IrelandDavid O'Dowd
 
An Introduction to Malware Classification
An Introduction to Malware ClassificationAn Introduction to Malware Classification
An Introduction to Malware ClassificationJohn Seymour
 
Secure lab setup for cyber security
Secure lab setup for cyber securitySecure lab setup for cyber security
Secure lab setup for cyber securityBirju Tank
 
Automatic Malware Analysis 2008-09-19
Automatic Malware Analysis 2008-09-19Automatic Malware Analysis 2008-09-19
Automatic Malware Analysis 2008-09-19Michael Boman
 
Measuring the Actual Security that Vendors Provide to Customers
Measuring the Actual Security that Vendors Provide to CustomersMeasuring the Actual Security that Vendors Provide to Customers
Measuring the Actual Security that Vendors Provide to CustomersAnthony Arrott
 
Penetration testing tools and phases
Penetration testing tools and phasesPenetration testing tools and phases
Penetration testing tools and phasesTestingXperts
 
Automating networksecurityassessment
Automating networksecurityassessmentAutomating networksecurityassessment
Automating networksecurityassessmentGlib Pakharenko
 
The Future of Automated Malware Generation
The Future of Automated Malware GenerationThe Future of Automated Malware Generation
The Future of Automated Malware GenerationStephan Chenette
 
Cyber Defense Forensic Analyst - Real World Hands-on Examples
Cyber Defense Forensic Analyst - Real World Hands-on ExamplesCyber Defense Forensic Analyst - Real World Hands-on Examples
Cyber Defense Forensic Analyst - Real World Hands-on ExamplesSandeep Kumar Seeram
 
Watchtowers of the Internet - Source Boston 2012
Watchtowers of the Internet - Source Boston 2012Watchtowers of the Internet - Source Boston 2012
Watchtowers of the Internet - Source Boston 2012Stephan Chenette
 
Including security in devops
Including security in devopsIncluding security in devops
Including security in devopsJérémy Matos
 
Ten Tools for Security Professionals
Ten Tools for Security ProfessionalsTen Tools for Security Professionals
Ten Tools for Security ProfessionalsMcGrewSecurity
 
Bug Finding - K.K.Mookhey
Bug Finding - K.K.MookheyBug Finding - K.K.Mookhey
Bug Finding - K.K.Mookheyamiable_indian
 
Data mining techniques for malware detection.pptx
Data mining techniques for malware detection.pptxData mining techniques for malware detection.pptx
Data mining techniques for malware detection.pptxAditya Deshmukh
 
Semantics aware malware detection ppt
Semantics aware malware detection pptSemantics aware malware detection ppt
Semantics aware malware detection pptManish Yadav
 

What's hot (20)

Machine Learning for Malware Classification and Clustering
Machine Learning for Malware Classification and ClusteringMachine Learning for Malware Classification and Clustering
Machine Learning for Malware Classification and Clustering
 
Tricorder: Diagnose and heal your software (without science fiction)
Tricorder: Diagnose and heal your software (without science fiction)Tricorder: Diagnose and heal your software (without science fiction)
Tricorder: Diagnose and heal your software (without science fiction)
 
Whittaker How To Break Software Security - SoftTest Ireland
Whittaker How To Break Software Security - SoftTest IrelandWhittaker How To Break Software Security - SoftTest Ireland
Whittaker How To Break Software Security - SoftTest Ireland
 
An Introduction to Malware Classification
An Introduction to Malware ClassificationAn Introduction to Malware Classification
An Introduction to Malware Classification
 
Anti-Virus Evasion Techniques and Countermeasures
Anti-Virus Evasion Techniques and CountermeasuresAnti-Virus Evasion Techniques and Countermeasures
Anti-Virus Evasion Techniques and Countermeasures
 
Secure lab setup for cyber security
Secure lab setup for cyber securitySecure lab setup for cyber security
Secure lab setup for cyber security
 
Automatic Malware Analysis 2008-09-19
Automatic Malware Analysis 2008-09-19Automatic Malware Analysis 2008-09-19
Automatic Malware Analysis 2008-09-19
 
Measuring the Actual Security that Vendors Provide to Customers
Measuring the Actual Security that Vendors Provide to CustomersMeasuring the Actual Security that Vendors Provide to Customers
Measuring the Actual Security that Vendors Provide to Customers
 
Penetration testing tools and phases
Penetration testing tools and phasesPenetration testing tools and phases
Penetration testing tools and phases
 
Automating networksecurityassessment
Automating networksecurityassessmentAutomating networksecurityassessment
Automating networksecurityassessment
 
The Future of Automated Malware Generation
The Future of Automated Malware GenerationThe Future of Automated Malware Generation
The Future of Automated Malware Generation
 
Cyber Defense Forensic Analyst - Real World Hands-on Examples
Cyber Defense Forensic Analyst - Real World Hands-on ExamplesCyber Defense Forensic Analyst - Real World Hands-on Examples
Cyber Defense Forensic Analyst - Real World Hands-on Examples
 
Watchtowers of the Internet - Source Boston 2012
Watchtowers of the Internet - Source Boston 2012Watchtowers of the Internet - Source Boston 2012
Watchtowers of the Internet - Source Boston 2012
 
Including security in devops
Including security in devopsIncluding security in devops
Including security in devops
 
Ten Tools for Security Professionals
Ten Tools for Security ProfessionalsTen Tools for Security Professionals
Ten Tools for Security Professionals
 
Chapter 8
Chapter 8Chapter 8
Chapter 8
 
Bug Finding - K.K.Mookhey
Bug Finding - K.K.MookheyBug Finding - K.K.Mookhey
Bug Finding - K.K.Mookhey
 
Data mining techniques for malware detection.pptx
Data mining techniques for malware detection.pptxData mining techniques for malware detection.pptx
Data mining techniques for malware detection.pptx
 
Semantics aware malware detection ppt
Semantics aware malware detection pptSemantics aware malware detection ppt
Semantics aware malware detection ppt
 
Hack through Injections
Hack through InjectionsHack through Injections
Hack through Injections
 

Similar to Sorting Out The Trash

Showing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
Showing How Security Has (And Hasn't) Improved, After Ten Years Of TryingShowing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
Showing How Security Has (And Hasn't) Improved, After Ten Years Of TryingDan Kaminsky
 
Performance Analysis of Idle Programs
Performance Analysis of Idle ProgramsPerformance Analysis of Idle Programs
Performance Analysis of Idle Programsgreenwop
 
debugging (1).ppt
debugging (1).pptdebugging (1).ppt
debugging (1).pptjerlinS1
 
An important characteristic of a test suite that is computed by a dynamic ana...
An important characteristic of a test suite that is computed by a dynamic ana...An important characteristic of a test suite that is computed by a dynamic ana...
An important characteristic of a test suite that is computed by a dynamic ana...jeyasrig
 
Chelberg ptcuser 2010
Chelberg ptcuser 2010Chelberg ptcuser 2010
Chelberg ptcuser 2010Clay Helberg
 
6.Temp & Rand
6.Temp & Rand6.Temp & Rand
6.Temp & Randphanleson
 
Testingfor Sw Security
Testingfor Sw SecurityTestingfor Sw Security
Testingfor Sw Securityankitmehta21
 
Reproducibility: 10 Simple Rules
Reproducibility: 10 Simple RulesReproducibility: 10 Simple Rules
Reproducibility: 10 Simple RulesAnnika Eriksson
 
Google, quality and you
Google, quality and youGoogle, quality and you
Google, quality and younelinger
 
Useful Shareware / Freeware for Technical Communicators
Useful Shareware / Freeware for Technical CommunicatorsUseful Shareware / Freeware for Technical Communicators
Useful Shareware / Freeware for Technical CommunicatorsSTC-Philadelphia Metro Chapter
 
Integrated Test Environment for Tandem Software Applications
Integrated Test Environment for Tandem Software ApplicationsIntegrated Test Environment for Tandem Software Applications
Integrated Test Environment for Tandem Software Applicationsguest77744e
 
Storage, Virtual, and Server Profiler Training
Storage, Virtual, and Server Profiler TrainingStorage, Virtual, and Server Profiler Training
Storage, Virtual, and Server Profiler TrainingSolarWinds
 
Checking Windows for signs of compromise
Checking Windows for signs of compromiseChecking Windows for signs of compromise
Checking Windows for signs of compromiseCal Bryant
 
Hand Coding ETL Scenarios and Challenges
Hand Coding ETL Scenarios and ChallengesHand Coding ETL Scenarios and Challenges
Hand Coding ETL Scenarios and Challengesmark madsen
 
Msra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaMsra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaCTIN
 

Similar to Sorting Out The Trash (20)

Showing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
Showing How Security Has (And Hasn't) Improved, After Ten Years Of TryingShowing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
Showing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
 
Performance Analysis of Idle Programs
Performance Analysis of Idle ProgramsPerformance Analysis of Idle Programs
Performance Analysis of Idle Programs
 
debugging (1).ppt
debugging (1).pptdebugging (1).ppt
debugging (1).ppt
 
An important characteristic of a test suite that is computed by a dynamic ana...
An important characteristic of a test suite that is computed by a dynamic ana...An important characteristic of a test suite that is computed by a dynamic ana...
An important characteristic of a test suite that is computed by a dynamic ana...
 
Unit Testing
Unit TestingUnit Testing
Unit Testing
 
Testing 101
Testing 101Testing 101
Testing 101
 
Chelberg ptcuser 2010
Chelberg ptcuser 2010Chelberg ptcuser 2010
Chelberg ptcuser 2010
 
6.Temp & Rand
6.Temp & Rand6.Temp & Rand
6.Temp & Rand
 
Testingfor Sw Security
Testingfor Sw SecurityTestingfor Sw Security
Testingfor Sw Security
 
Reproducibility: 10 Simple Rules
Reproducibility: 10 Simple RulesReproducibility: 10 Simple Rules
Reproducibility: 10 Simple Rules
 
Google, quality and you
Google, quality and youGoogle, quality and you
Google, quality and you
 
Dev ops
Dev opsDev ops
Dev ops
 
App locker
App lockerApp locker
App locker
 
Useful Shareware / Freeware for Technical Communicators
Useful Shareware / Freeware for Technical CommunicatorsUseful Shareware / Freeware for Technical Communicators
Useful Shareware / Freeware for Technical Communicators
 
Testcase Preparation Checklist
Testcase Preparation ChecklistTestcase Preparation Checklist
Testcase Preparation Checklist
 
Integrated Test Environment for Tandem Software Applications
Integrated Test Environment for Tandem Software ApplicationsIntegrated Test Environment for Tandem Software Applications
Integrated Test Environment for Tandem Software Applications
 
Storage, Virtual, and Server Profiler Training
Storage, Virtual, and Server Profiler TrainingStorage, Virtual, and Server Profiler Training
Storage, Virtual, and Server Profiler Training
 
Checking Windows for signs of compromise
Checking Windows for signs of compromiseChecking Windows for signs of compromise
Checking Windows for signs of compromise
 
Hand Coding ETL Scenarios and Challenges
Hand Coding ETL Scenarios and ChallengesHand Coding ETL Scenarios and Challenges
Hand Coding ETL Scenarios and Challenges
 
Msra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaMsra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troyla
 

Recently uploaded

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 

Recently uploaded (20)

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 

Sorting Out The Trash

  • 1. Sorting out the malware trash Michael St. Neitzel, Mike@f-prot.com Out of Section IAT striped Invalid Opcode Corrupted Header Compiler Source Non-malicious Reference Non-Viral Commented Out
  • 2.  
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 12.  
  • 13.  
  • 14. Let’s see what happens
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.