Malware Analysis
By: Anusha GR
What is Malware?
Malware is any software intentionally designed to cause damage to a
computer, server, client, or computer network. Many types of malware
exist, including computer viruses, worms, Trojan horses, ransomware and
spyware.
Types of malware:
• Virus: malware that can execute itself and spread by infecting other
programs or files.
• Worm: standalone malware that needs no host program and can spread
without human interaction.
• Trojan: malware that gains access to a system and can then execute
malicious scripts and functions.
• Spyware: unwanted software that infiltrates a device, steals sensitive
information, and can also gain the access needed to damage the system
without the user's knowledge.
• Ransomware: malware that infects the user's system, encrypts the data
with an encryption algorithm (and may also destroy information), and
demands money from the victim in return for decryption.
Steps of malware analysis:
1. Scan the file with AV.
2. Generate the file hash and submit it to VirusTotal.
3. Identify the file type.
4. Check for packers.
5. Perform string analysis.
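Steps 2 to 5 can be scripted for a first triage pass. The script below is an added example for this page, not a tool from the slides: it hashes the file, identifies the type from its leading magic bytes (a small table, not an exhaustive one), looks for the markers UPX leaves in a packed binary, and pulls out ASCII and UTF-16LE strings the way BinText displays them. The sample bytes are constructed inline (an MZ header, the DOS stub text, UPX section names, a URL and a wide-character path) so it runs offline; they are not a real executable.

```python
"""Static triage of a suspicious file: hashes, file type, packer check, strings.

Added example for this page, not a tool from the slides. The sample bytes
below are constructed so the script runs offline on a fake 'executable'.
"""
import hashlib
import re
from typing import Dict, List

# Magic-byte table for a few common formats (a small subset, not exhaustive).
MAGIC = {
    b"MZ": "PE executable (DOS/MZ header)",
    b"\x7fELF": "ELF executable",
    b"%PDF": "PDF document",
    b"PK\x03\x04": "ZIP archive (also docx/xlsx/jar/apk)",
    b"\x89PNG": "PNG image",
}

# Markers UPX leaves behind in a packed PE: its section names and signature.
UPX_MARKERS = (b"UPX0", b"UPX1", b"UPX2", b"UPX!")


def file_hashes(data: bytes) -> Dict[str, str]:
    """Step 2: hashes to look up on VirusTotal; SHA-256 is the one to prefer."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def identify_type(data: bytes) -> str:
    """Step 3: identify the file type from its leading bytes, not its extension."""
    for magic, description in MAGIC.items():
        if data.startswith(magic):
            return description
    return "unknown"


def check_packer(data: bytes) -> List[str]:
    """Step 4: return the UPX markers present; a non-empty list means 'unpack first'."""
    return [marker.decode("ascii") for marker in UPX_MARKERS if marker in data]


def extract_strings(data: bytes, min_len: int = 6) -> Dict[str, List[str]]:
    """Step 5: printable ASCII and UTF-16LE ('wide') strings of at least min_len chars."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    return {
        "ascii": [m.decode("ascii") for m in ascii_re.findall(data)],
        "wide": [m.decode("utf-16le") for m in wide_re.findall(data)],
    }


def triage(data: bytes) -> Dict[str, object]:
    """Run steps 2-5 on a file's bytes and return one report dictionary."""
    packer_markers = check_packer(data)
    strings = extract_strings(data)
    return {
        "hashes": file_hashes(data),
        "type": identify_type(data),
        "packer_markers": packer_markers,
        "packed": bool(packer_markers),
        "strings": strings["ascii"],
        "wide_strings": strings["wide"],
    }


# Constructed sample: an MZ header, the usual DOS stub text, UPX section names,
# an ASCII URL and a UTF-16LE file path. It is not a real executable.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"This program cannot be run in DOS mode.\r\n"
    + b"UPX0\x00\x00\x00\x00UPX1\x00\x00\x00\x00"
    + b"http://example.invalid/update.bin\x00\x00"
    + "C:\\Users\\Public\\svc.exe".encode("utf-16le") + b"\x00\x00"
    + b"UPX!"
)

if __name__ == "__main__":
    report = triage(SAMPLE)
    print("type          :", report["type"])
    print("sha256        :", report["hashes"]["sha256"])
    print("packer markers:", report["packer_markers"])
    for s in report["strings"] + report["wide_strings"]:
        print("string        :", s)
```

The wide-string search matters on Windows samples: paths, registry keys and URLs are often stored as UTF-16LE and an ASCII-only strings pass misses them entirely. A non-empty packer list says to unpack (for UPX, with UPX itself) before trusting the string output, because the interesting strings sit inside the compressed section.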
Types of malware analysis:
1. Basic Static Analysis.
2. Basic Dynamic Analysis.
Basic Static Analysis: static analysis is the process of examining a malware binary
without actually running the code. It generally starts from the signature of the
binary file, a unique identifier obtained by calculating the cryptographic hash of
the file, and then works through each component of the file.
Tools used for basic static analysis are:
1. Exeinfo PE.
2. UPX.
3. BinText.
4. PeStudio.
Virus Scan
• Always scan new malware with an up-to-date virus scanner.
• Someone else may have already discovered and documented the
program you are investigating.
• If the code is not sensitive, consider submitting it to
http://www.virustotal.com
1. Exeinfo PE:
• reports the file type
• identifies packers
Submitting any file to Exeinfo PE gives these two pieces of information.
2. UPX:
• used to unpack a file so that string analysis gives better results
• UPX (Ultimate Packer for eXecutables) is an open source executable
packer supporting a number of file formats from different operating
systems. If the file is packed, we unpack it to understand all of its
functions and behaviour.
3. BinText:
• tool used to extract the strings in a file, such as:
• library and function names
• displayed messages, URLs, IP addresses
• file paths and registry paths
4. PeStudio:
• PeStudio is a free, portable program that examines executable files
in depth.
PE Header analysis reveals:
• Information about the code
• Type of application
• Required library functions
• Space requirements
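The items above come out of a few fixed-offset fields in the PE header, and reading them by hand shows what PeStudio and Exeinfo PE are summarising. The parser below is an added example for this page, not code from either tool: it reads the COFF file header (machine, section count, EXE vs DLL), the optional header fields for subsystem and SizeOfImage (the memory footprint, a "space requirement"), and the section table, then applies simple packer heuristics (UPX section names, a section with no raw data but a virtual size, writable-and-executable sections, high entropy). The sample PE is constructed by the `build_sample_pe` helper (a minimal PE32 header plus one high-entropy section); it is not a real program and only exists so the example runs offline.

```python
"""Parse PE header fields and flag packer indicators.
Added example for this page, not PeStudio or Exeinfo PE code; the sample PE is
a constructed minimal header plus one high-entropy section, not a real program."""
import math
import struct
from typing import Dict, List, Tuple

MACHINE = {0x014C: "x86 (i386)", 0x8664: "x64 (AMD64)", 0xAA64: "ARM64"}
SUBSYSTEM = {2: "Windows GUI", 3: "Windows console"}
IMAGE_FILE_DLL = 0x2000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0-8.0; compressed or encrypted data sits close to 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> Dict[str, object]:
    """Read the COFF header, the optional-header fields of interest and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _symtab, _nsyms, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    size_of_image = struct.unpack_from("<I", data, opt + 56)[0]  # same offset in PE32 and PE32+
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    table = opt + opt_size
    for i in range(nsections):  # 40-byte IMAGE_SECTION_HEADER entries
        name, vsize, _va, rawsize, rawptr, _r, _l, _nr, _nl, sec_chars = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        raw = data[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": rawsize,
            "entropy": shannon_entropy(raw),
            "writable": bool(sec_chars & IMAGE_SCN_MEM_WRITE),
            "executable": bool(sec_chars & IMAGE_SCN_MEM_EXECUTE),
        })
    return {
        "format": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, hex(magic)),
        "machine": MACHINE.get(machine, hex(machine)),
        "kind": "DLL" if chars & IMAGE_FILE_DLL else "EXE",
        "subsystem": SUBSYSTEM.get(subsystem, str(subsystem)),
        "timestamp": timestamp,
        "size_of_image": size_of_image,  # memory needed once mapped
        "file_size": len(data),
        "sections": sections,
    }


def packer_indicators(info: Dict[str, object]) -> List[Tuple[str, str]]:
    """Heuristics for 'check for packers': (section name, reason) pairs."""
    findings = []
    for s in info["sections"]:
        if s["name"].upper().startswith("UPX"):
            findings.append((s["name"], "upx-section-name"))
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            findings.append((s["name"], "no-raw-data-but-virtual-size"))
        if s["writable"] and s["executable"]:
            findings.append((s["name"], "writable-and-executable"))
        if s["entropy"] > 7.0:
            findings.append((s["name"], "high-entropy"))
    return findings


def build_sample_pe() -> bytes:
    """Construct a minimal UPX-style PE32 image: headers plus one 'packed' section."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    opt = bytearray(224)                                 # standard PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)                # Magic: PE32
    struct.pack_into("<I", opt, 16, 0x2000)              # AddressOfEntryPoint inside UPX1
    struct.pack_into("<I", opt, 56, 0x3000)              # SizeOfImage
    struct.pack_into("<H", opt, 68, 2)                   # Subsystem: GUI
    coff = struct.pack("<HHIIIHH", 0x014C, 2, 0, 0, 0, len(opt), 0x0102)
    payload = bytes((i * 167 + 13) % 256 for i in range(1024))  # each byte value 4 times: entropy 8.0
    headers_len = len(dos) + 4 + len(coff) + len(opt) + 2 * 40
    upx0 = struct.pack("<8sIIIIIIHHI", b"UPX0", 0x1000, 0x1000, 0, 0, 0, 0, 0, 0, 0xE0000080)
    upx1 = struct.pack("<8sIIIIIIHHI", b"UPX1", 0x1000, 0x2000, len(payload), headers_len, 0, 0, 0, 0, 0xE0000040)
    return dos + b"PE\0\0" + coff + bytes(opt) + upx0 + upx1 + payload


SAMPLE_PE = build_sample_pe()

if __name__ == "__main__":
    info = parse_pe(SAMPLE_PE)
    print({k: v for k, v in info.items() if k != "sections"})
    print("packer indicators:", packer_indicators(info))
```

Any one indicator on its own is weak (legitimate installers also ship high-entropy resource data), but a section with zero raw data, RWX permissions and a UPX name next to a near-8.0-entropy section is the classic packed layout, and it is the reason step 4 comes before string analysis.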
Dynamic Analysis:
• Dynamic analysis is conducted by observing and manipulating the
malware as it runs.
• Dynamic analysis runs the malware to examine its behaviour, learn its
functionality and recognise technical indicators. Once obtained, these
details are used in detection signatures.
Tools used for basic dynamic analysis are:
1. Regshot
2. FakeNet
3. Autoruns
4. Procmon
REGSHOT:
• We run the malware to find out what changes happen on the machine.
• Regshot takes a snapshot of the registry and compares it with a second one
taken after system changes are made or a new software product is installed.
• We take two snapshots of the machine state: the first Regshot before running
the malware, recording what processes and registry entries exist on our system,
and the second Regshot after running the malware, showing the additional
processes and entries the malware created on our system.
AUTORUNS:
• Mainly used to understand persistence mechanisms.
• Autoruns is used to check whether the malware is trying to start any
new process after its execution is done.
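The Regshot comparison and the Autoruns check above fit together: the diff of two snapshots tells you what changed, and the autostart locations tell you which of those changes give the malware persistence. The script below is an added example for this page, not output or code from either tool: `diff_snapshots` reports every registry value added, deleted or modified between two snapshots, and `flag_persistence` keeps only the changes under a short list of well-known autostart keys (a subset of what Autoruns enumerates). Both snapshots are constructed by hand: a clean "before" and an "after" in which a dropped file has been registered under the user's Run key and as a service, alongside an unrelated Explorer setting change.

```python
"""Regshot-style registry diff with an Autoruns-style persistence filter.
Added example for this page, not Regshot or Autoruns code; both snapshots are
constructed by hand."""
from typing import Dict, List, Tuple

# A snapshot maps a registry key path to its {value name: data} mapping.
Snapshot = Dict[str, Dict[str, str]]
Change = Tuple[str, str, str, str, str]  # (change, key, value name, old data, new data)

# Well-known autostart locations (a short subset of what Autoruns enumerates).
AUTOSTART_PREFIXES = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKLM\SYSTEM\CurrentControlSet\Services",
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
)


def diff_snapshots(before: Snapshot, after: Snapshot) -> List[Change]:
    """Return every value added, deleted or modified between the two snapshots."""
    changes: List[Change] = []
    for key in sorted(set(before) | set(after)):
        old_vals = before.get(key, {})
        new_vals = after.get(key, {})
        for name in sorted(set(old_vals) | set(new_vals)):
            if name not in old_vals:
                changes.append(("added", key, name, "", new_vals[name]))
            elif name not in new_vals:
                changes.append(("deleted", key, name, old_vals[name], ""))
            elif old_vals[name] != new_vals[name]:
                changes.append(("modified", key, name, old_vals[name], new_vals[name]))
    return changes


def is_autostart(key: str) -> bool:
    """Case-insensitive prefix match against the autostart locations."""
    k = key.lower()
    return any(k.startswith(p.lower()) for p in AUTOSTART_PREFIXES)


def flag_persistence(changes: List[Change]) -> List[Change]:
    """Keep only the changes that touch an autostart location."""
    return [c for c in changes if is_autostart(c[1])]


# Constructed snapshots: BEFORE is the clean machine, AFTER was taken once the
# sample had run. Paths and names are made up for the example.
BEFORE: Snapshot = {
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run": {
        "SecurityHealth": r"C:\Windows\System32\SecurityHealthSystray.exe"},
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced": {
        "Hidden": "2", "HideFileExt": "0"},
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run": {
        "OneDrive": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
}
AFTER: Snapshot = {
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run": {
        "SecurityHealth": r"C:\Windows\System32\SecurityHealthSystray.exe"},
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced": {
        "Hidden": "2", "HideFileExt": "1"},  # extensions now hidden
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run": {
        "OneDrive": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
        "Updater": r"C:\Users\Public\svc.exe"},  # new Run entry
    r"HKLM\SYSTEM\CurrentControlSet\Services\svcupd": {
        "ImagePath": r"C:\Users\Public\svc.exe", "Start": "2"},  # new auto-start service
}

if __name__ == "__main__":
    changes = diff_snapshots(BEFORE, AFTER)
    for change in changes:
        mark = "PERSISTENCE" if is_autostart(change[1]) else "           "
        print(mark, change[0], change[1] + "\\" + change[2], "->", change[4] or change[3])
```

Regshot's own comparison is done on the full hive and also covers files if you ask it to; the filtering step is the part an analyst does by eye, and writing it down as a prefix list is what turns a long diff into the two or three lines that matter.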
PROCMON (Process Monitor):
• mainly used to observe file modifications, through operations such as:
1. CreateFile
2. ReadFile
3. WriteFile
4. SetDispositionInformationFile (delete file)
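A Procmon capture of even a short run is thousands of lines, so the file operations listed above are usually filtered and summarised rather than read one by one. The script below is an added example for this page, not Procmon's own code: it reads a CSV export, counts the four file operations per process, and flags deletes (a process deleting its own image is a classic sign), plus writes into folders where a dropped file is unusual. The log lines are constructed for the example in the column layout of a Procmon CSV export (Time of Day, Process Name, PID, Operation, Path, Result, Detail); the process names, paths and detail strings are made up.

```python
"""Summarise file-system operations from a Procmon CSV export and flag the
ones worth a second look. Added example for this page, not Procmon code; the
log lines are constructed in the layout of a Procmon CSV export."""
import csv
import io
from collections import defaultdict
from typing import Dict, List, Tuple

FILE_OPS = {"CreateFile", "ReadFile", "WriteFile", "SetDispositionInformationFile"}

# Folders where a freshly written file deserves a look (constructed list, lower-case).
SUSPICIOUS_DIRS = (
    r"\start menu\programs\startup",
    r"\users\public",
    r"\appdata\local\temp",
)

# Constructed sample log in Procmon's CSV export layout; not a real capture.
SAMPLE_LOG = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:02:11.0001","sample.exe","4120","CreateFile","C:\Users\alice\Downloads\sample.exe","SUCCESS","Desired Access: Read Data/List Directory"
"10:02:11.0203","sample.exe","4120","CreateFile","C:\Users\Public\svc.exe","SUCCESS","Desired Access: Generic Write"
"10:02:11.0210","sample.exe","4120","WriteFile","C:\Users\Public\svc.exe","SUCCESS","Offset: 0, Length: 61,440"
"10:02:11.0400","sample.exe","4120","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 0, Length: 4,096"
"10:02:11.0511","sample.exe","4120","SetDispositionInformationFile","C:\Users\alice\Downloads\sample.exe","SUCCESS","Delete: True"
"10:02:12.0001","explorer.exe","1688","ReadFile","C:\Windows\explorer.exe","SUCCESS","Offset: 0, Length: 4,096"
"10:02:12.0100","sample.exe","4120","CreateFile","C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.lnk","SUCCESS","Desired Access: Generic Write"
'''


def parse_procmon_csv(text: str) -> List[Dict[str, str]]:
    """Read the export into one dict per event, keyed by the header names."""
    return list(csv.DictReader(io.StringIO(text)))


def file_ops_by_process(events: List[Dict[str, str]]) -> Dict[str, Dict[str, int]]:
    """Count the four file operations per 'process:pid'."""
    summary: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["Operation"] in FILE_OPS:
            summary[f'{e["Process Name"]}:{e["PID"]}'][e["Operation"]] += 1
    return {proc: dict(ops) for proc, ops in summary.items()}


def suspicious_events(events: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """(reason, process, path) for deletes and for writes into unusual folders."""
    hits = []
    for e in events:
        op, path, proc, detail = e["Operation"], e["Path"], e["Process Name"], e["Detail"]
        low = path.lower()
        if op == "SetDispositionInformationFile" and "Delete: True" in detail:
            # Deleting the file it was started from: the sample removing its own trace.
            reason = "self-delete" if low.rsplit("\\", 1)[-1] == proc.lower() else "file deleted"
            hits.append((reason, proc, path))
            continue
        is_write = op == "WriteFile" or (op == "CreateFile" and "Generic Write" in detail)
        if is_write and any(d in low for d in SUSPICIOUS_DIRS):
            hits.append(("write to unusual folder", proc, path))
    return hits


if __name__ == "__main__":
    events = parse_procmon_csv(SAMPLE_LOG)
    for proc, ops in file_ops_by_process(events).items():
        print(proc, ops)
    for reason, proc, path in suspicious_events(events):
        print(f"[{reason}] {proc} -> {path}")
```

The summary answers "what did the sample touch and how much", and the flagged list is the shortlist to hand to static analysis (hash and string the dropped `svc.exe`) and to the Autoruns check (the Startup-folder `.lnk`).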
FAKENET:
FakeNet is used to find out which server the malware is going to contact
and what traffic it sends.
CONCLUSION
• We need to be careful when downloading something. We also need an
anti-virus to protect our computer from being infected by a virus.
• We need to be smart users, because this helps us avoid being tricked
by something that looks nice but behind the scenes infects our computer
with a Trojan or worm.
THANK YOU