What is Malware Analysis?
Malware Analysis is the study or process of determining the
functionality, origin and potential impact of a given malware sample and extracting as much
information from it as possible. The information that is extracted helps to understand the functionality and
scope of the malware, how the system was infected and how to defend against similar attacks in future.
Objective:
• To understand the type of malware and its functionality.
• Determine how the system was infected by malware and define whether it was a targeted attack or
a phishing attack.
• How the malware communicates with the attacker.
• Future detection of the malware and generating signatures.
Types of Malware Analysis:
• Static analysis – It is the process of analyzing the malware without executing or running it.
This analysis is used to extract as much metadata from the malware as possible, such as PE headers,
strings, etc.
• Dynamic analysis – It is the process of executing the malware and analyzing its functionality and
behavior. This analysis helps to learn what the malware does during its execution, using a
debugger.
• Code analysis – It is the process of analyzing/reverse engineering the assembly code. It is a
combination of both static and dynamic analysis.
• Behavioral analysis – It is the process of analyzing and monitoring the malware after
execution. It involves monitoring processes, registry entries and network activity to
determine the workings of the malware.
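As an added example (not part of the original text), the following Python script shows the static-analysis step described above: reading the PE (COFF) file header and pulling printable strings out of a sample without ever executing it. It works on a constructed, non-executable PE-shaped byte blob built inline, so it runs offline; the header layout it parses is the real PE/COFF layout, while the sample bytes, the string patterns flagged and the function names are this example's own assumptions.

```python
import re
import struct
from datetime import datetime, timezone

# Machine field values of the COFF file header (a subset of the documented values)
MACHINE_NAMES = {0x014C: "x86", 0x8664: "x64", 0x01C0: "ARM", 0xAA64: "ARM64"}

# String patterns an analyst would look for first in a strings dump (assumed triage list)
SUSPICIOUS_PATTERNS = {
    "url": re.compile(r"https?://"),
    "injection_api": re.compile(r"^(CreateRemoteThread|WriteProcessMemory|VirtualAllocEx)$"),
    "persistence_key": re.compile(r"CurrentVersion\\Run"),
}


def build_sample() -> bytes:
    """Constructed, non-executable PE-shaped blob used as offline input (assumption)."""
    dos_header = bytearray(64)
    dos_header[0:2] = b"MZ"
    struct.pack_into("<I", dos_header, 0x3C, 0x80)  # e_lfanew: PE signature at offset 0x80
    dos_stub = b"This program cannot be run in DOS mode.\r\n$"
    padding = b"\x00" * (0x80 - len(dos_header) - len(dos_stub))
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (0x0102 = EXECUTABLE | 32BIT)
    coff = struct.pack("<HHIIIHH", 0x014C, 3, 0x5F000000, 0, 0, 224, 0x0102)
    # "Section data": a few strings separated by non-printable bytes
    body = (
        b"\x00\x01\x02" + b"http://example.invalid/beacon" + b"\x00\xff"
        + b"CreateRemoteThread\x00" + b"ab\x00"
        + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    )
    return bytes(dos_header) + dos_stub + padding + b"PE\x00\x00" + coff + body


def parse_pe_header(data: bytes) -> dict:
    """Walk MZ -> e_lfanew -> PE signature -> COFF file header and return its key fields."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature: not a PE file")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature at e_lfanew")
    machine, nsec, ts, _symtab, _nsyms, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4
    )
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "sections": nsec,
        "timestamp": ts,
        "compile_time_utc": datetime.fromtimestamp(ts, tz=timezone.utc).isoformat(),
        "optional_header_size": opt_size,
        "executable": bool(chars & 0x0002),  # IMAGE_FILE_EXECUTABLE_IMAGE
        "dll": bool(chars & 0x2000),         # IMAGE_FILE_DLL
    }


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Return runs of printable ASCII at least min_len long, like the strings tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def triage(data: bytes) -> dict:
    """Combine header facts and flagged strings into a first static-analysis report."""
    strings = extract_strings(data)
    findings = {
        name: [s for s in strings if pat.search(s)]
        for name, pat in SUSPICIOUS_PATTERNS.items()
    }
    return {"header": parse_pe_header(data), "strings": strings, "findings": findings}


if __name__ == "__main__":
    report = triage(build_sample())
    print("header:", report["header"])
    for name, hits in report["findings"].items():
        print(f"{name}: {hits}")
```

The point of the header check is that metadata alone already narrows the investigation: the machine type says which analysis tooling applies, the section count and the DLL flag say what kind of image this is, and the compile timestamp (easily forged, so treat it as a hint) can be compared against when the sample was first seen. The flagged strings are only leads for the dynamic and code analysis that follow, not proof of behavior.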
Common Steps in Malware Analysis:
• Identification
• Static Analysis
• Dynamic Analysis
• Code Analysis
• Behavioral Analysis
• Reverse Engineering
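The behavioral-analysis step listed above (and described under "Types of Malware Analysis") means watching processes, registry entries and network activity while the sample runs in a sandbox. As an added example that is not part of the original text, the following Python script runs three simple detection rules over a constructed set of sandbox events; the JSON-lines schema, the event contents, the rule names and the thresholds are all this example's own assumptions, not the output of any particular monitoring tool.

```python
import json

# Constructed sandbox events in an assumed JSON-lines schema (not real tool output).
# Story: a Word document spawns an executable from the user's Temp folder, which then
# adds itself to a Run key and calls out to an address in the TEST-NET-3 range.
SAMPLE_EVENTS = r'''
{"event": "ProcessCreate", "pid": 4120, "image": "C:\\Program Files\\Office\\WINWORD.EXE", "parent_image": "C:\\Windows\\explorer.exe"}
{"event": "ProcessCreate", "pid": 5120, "image": "C:\\Users\\alice\\AppData\\Local\\Temp\\game_setup.exe", "parent_image": "C:\\Program Files\\Office\\WINWORD.EXE"}
{"event": "RegistryValueSet", "pid": 5120, "image": "C:\\Users\\alice\\AppData\\Local\\Temp\\game_setup.exe", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"}
{"event": "NetworkConnect", "pid": 5120, "image": "C:\\Users\\alice\\AppData\\Local\\Temp\\game_setup.exe", "dest_ip": "203.0.113.7", "dest_port": 8081}
{"event": "NetworkConnect", "pid": 6001, "image": "C:\\Program Files\\Google\\Chrome\\chrome.exe", "dest_ip": "198.51.100.10", "dest_port": 443}
{"event": "ProcessCreate", "pid": 7002, "image": "C:\\Windows\\System32\\svchost.exe", "parent_image": "C:\\Windows\\System32\\services.exe"}
'''

# Assumed rule inputs: document handlers that should not spawn executables, user-writable
# locations that malware commonly drops into, and autostart registry keys.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\users\\public\\")
RUN_KEYS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")


def basename(path: str) -> str:
    """Case-folded file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def in_user_writable(path: str) -> bool:
    """True if the image lives in a directory a standard user can write to."""
    lowered = path.lower()
    return any(segment in lowered for segment in USER_WRITABLE)


def analyze_events(lines) -> list:
    """Apply the rules in event order; returns (rule, pid, detail) tuples.

    Rule 1: an Office process starts an executable from a user-writable directory.
    Rule 2: any process writes an autostart (Run/RunOnce) registry value.
    Rule 3: a process flagged by rule 1, or running from a user-writable directory,
            opens a network connection.
    """
    alerts = []
    flagged_images = set()  # images from rule 1, used to correlate later events
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        image = ev.get("image", "")
        if ev["event"] == "ProcessCreate":
            parent = basename(ev.get("parent_image", ""))
            if parent in OFFICE_APPS and in_user_writable(image):
                alerts.append(("office_spawned_exe_from_user_dir", ev["pid"], image))
                flagged_images.add(image.lower())
        elif ev["event"] == "RegistryValueSet":
            key = ev.get("key", "").lower() + "\\"
            if any(run_key in key for run_key in RUN_KEYS):
                alerts.append(("run_key_persistence", ev["pid"], ev["key"]))
        elif ev["event"] == "NetworkConnect":
            if image.lower() in flagged_images or in_user_writable(image):
                dest = f"{ev['dest_ip']}:{ev['dest_port']}"
                alerts.append(("network_from_user_writable_image", ev["pid"], dest))
    return alerts


if __name__ == "__main__":
    for rule, pid, detail in analyze_events(SAMPLE_EVENTS.splitlines()):
        print(f"[{rule}] pid={pid} {detail}")
```

Each rule on its own would be noisy on a real workstation; what makes the report useful is the chain: the process that was spawned in an unusual way is the same one that persisted and then talked to the network, which is exactly the "how it was infected, how it persists, how it communicates" picture the analysis objectives above ask for. The Run key value and the destination address from the alerts are what feed the signature-generation step.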
Advantages of Malware Analysis:
1. Threat Detection: Malware analysis enables the detection of previously unknown threats,
allowing organizations to proactively defend against attacks.
2. Improved Security: By understanding the behavior of malware, organizations can improve
their security measures and reduce the risk of infection.
3. Understanding of Attack Techniques: Malware analysis provides insight into the methods
and techniques used by attackers, allowing organizations to better prepare for and defend
against future attacks.
4. Early Detection: By analyzing malware early in its lifecycle, organizations can mitigate the
impact of an attack and reduce the time required to recover from it.
5. Forensics: Malware analysis can provide valuable information for forensic investigations
and can aid in the prosecution of attackers.
Disadvantages of Malware Analysis:
1. Time-Consuming: The process of malware analysis can be time-consuming and requires
specialized knowledge and tools.
2. Risk of Infection: Conducting malware analysis in an uncontrolled environment can result in
the spread of the malware, potentially causing harm to other systems.
3. Cost: Malware analysis requires specialized tools and expertise, which can be expensive for
organizations to acquire and maintain.
4. Difficulty: Malware is constantly evolving, and the analysis process can be challenging,
requiring specialized knowledge and expertise.
5. False Positives: Malware analysis can sometimes result in false positives, leading to false
alarms and a loss of confidence in the security measures.
What is a Trojan Horse?
The name of the Trojan Horse is taken from the classical story of the Trojan War. It is malicious
code that has the capacity to take control of the computer. It is designed to steal,
damage, or perform other harmful actions on the computer. It tries to deceive the user into loading and
executing the file on the device. After it executes, it allows cybercriminals to perform many actions on the
user’s computer, such as deleting data from files, modifying data in files, and more. Unlike many
viruses or worms, a Trojan Horse does not have the ability to replicate itself.
For example:
There was a Trojan that disguised itself as a game. Many users downloaded this game, which
secretly turned into a self-replicating virus. The game was a simple theme-based game, but it started
to back up all the files on the drive where the user would access them. The Trojan turned out to be
harmless, and it was easy for users to fix. It was identified as a Trojan because it did not disclose
the virus.
Features of Trojan Horse
• It steals information like a password and more.
• It can be used to allow remote access to a computer.
• It can be used to delete data and more on the user’s computers.
Working of a Trojan:
Trojans work by taking advantage of a user’s lack of security knowledge and of weak
security measures on a computer, such as antivirus and antimalware software.
A Trojan typically appears as a piece of malware attached to an email. The file,
program, or application appears to come from a trusted source.
How it works:
Unlike computer viruses, a Trojan horse requires a user to download the server side of the
application for it to function, because it cannot manifest by itself. This means that for the
Trojan to target a device’s system, the executable (.exe) file must be run and the
software installed.
Cybercriminals can also utilize social engineering techniques to trick people into installing
malicious software, which can then infect a device with a Trojan. The malicious file may be
hidden in internet links, pop-up ads, or banner advertisements.
Trojan software can propagate to other computers from a Trojan-infected computer. A hacker
turns the device into a zombie computer, giving them remote access to it without the user’s
knowledge. The zombie machine can then be used by hackers to spread malware among a botnet of
computers.
A user might, for example, get an email from a friend that has an attachment that likewise appears
to be real. However, the attachment has malicious code that runs on the user’s device and installs
the Trojan. The user may not be aware that anything suspicious has happened because their machine
may continue to function regularly without any signs of it having been infected.
Until the user performs a certain action, such as visiting a specific website or banking app, the malware
will remain undiscovered. Once that happens, the malicious code is activated and the Trojan carries out
its intended hacking activity. The malware may destroy itself, go back to being dormant, or
continue to be active on the device, depending on the type of Trojan and how it was developed.
Examples of Trojan Horse Virus Attacks
1. Rakhni Trojan: The Rakhni Trojan infects devices by delivering ransomware or a
cryptojacker utility that allows an attacker to use the device to mine bitcoin.
2. Tiny Banker: With the use of Tiny Banker, hackers can steal users’ bank information. Soon
after it appeared, it was discovered to have infected at least 20 U.S. banks.
3. Zeus or Zbot: Zeus, often known as Zbot, is a toolkit that allows hackers to create their
own Trojan virus and targets financial services. To steal user passwords and financial
information, the source code employs strategies like form grabbing and keystroke logging.
Advantages of Trojan Horse
• It can be sent as an attachment in an email.
• It can be in some pop-up ads that we find on the web page.
• It can be used to allow remote access to a computer.
• It can be used to delete data and more on the user’s computers.
Disadvantages of Trojan Horse
• It can’t manifest by itself. It requires the .exe file to be run.
• It remains undetected and starts its execution when the user is doing any online transaction
activity.
• The system or the device that has been affected will be slow.
• The user can also experience a direct shutdown of the computer.
• The user will find that files open much more slowly.