Malware Analysis Primer

Goals of Malware Analysis

  • Determine exactly what a particular suspect binary can do

  • Determine how to detect it on your network

  • Determine how to measure and contain the damage it has done

  • Develop signatures to detect malware infections

    • Host-based signatures

      • Detect malicious code on victim computers

      • Unlike antivirus signatures, these indicators focus on what the malware does to a system (files it creates or modifies, registry changes) rather than on characteristics of the binary itself, so they still work when the sample changes form or has been deleted from disk

    • Network signatures

      • Detect malicious code by monitoring network traffic; signatures derived from analysis of the sample (the hosts and URLs it contacts, the shape of its requests) are more precise and produce fewer false positives than generic ones

Malware Analysis Techniques

  • Static Analysis

    • Examines the malware without running it

    • Types

      • Basic Static Analysis

        • Examines the executable file without viewing the actual instructions: hashing, printable strings, imports and exports, PE headers and sections, packer detection

        • Largely ineffective against sophisticated malware, e.g. packed or obfuscated samples whose strings and imports are not visible until they are unpacked at runtime

      • Advanced Static Analysis

        • Reverse-engineers the malware's internals by loading the executable into a disassembler and reading the program instructions to discover what the program does

  • Dynamic Analysis

    • Examines the malware by running it and observing the results

    • Types

      • Basic Dynamic Analysis

        • Runs the malware and observes its behavior on the system (file, registry, process and network activity) in order to remove the infection and produce effective signatures

        • Requires an isolated environment (typically a virtual machine with a controlled or simulated network) so the running malware cannot damage your system or network

      • Advanced Dynamic Analysis

        • Uses a debugger to examine the internal state of a running malicious executable

        • Extracts detailed information from the executable (e.g. decrypted strings or configuration) that is difficult to obtain with the other techniques
