Introduction to Malware Analysis
History of Viruses and Malware
Started in 1949 with a self-replicating program called a "virus".
In 1986, viruses started to appear with annoying or harmful features, spreading through floppy disks.
What Is Malware?
Malware is code that performs malicious actions; it can take the form of an executable, a script, a code fragment, or any other software.
Attackers use malware to steal sensitive information, spy on the infected system, or take control of the system.
Some of the malicious actions performed by malware:
Disrupting computer operations
Stealing sensitive information, including personal, business, and financial data
Unauthorized access to the victim's system
Spying on the victims
Sending spam emails
Engaging in distributed denial-of-service (DDoS) attacks
Locking up the files on the computer and
Types of Malware
Malware is a broad term that refers to different types of malicious programs such as trojans, viruses, worms, and rootkits.
Types of Malware
Virus or Worm: Malware that is capable of copying itself and spreading to other computers. A virus needs user intervention, whereas a worm can spread without user intervention.
A computer worm is a type of malware that can automatically propagate or self-replicate without human interaction, enabling its spread to other computers across a network.
Trojan: Malware that disguises itself as a regular program to trick users into installing it on their systems. Once installed, it can perform malicious actions such as stealing sensitive data, uploading files to the attacker's server, or monitoring webcams.
Types of Malware
Backdoor / Remote Access Trojan (RAT): A type of Trojan that enables the attacker to gain access to and execute commands on the compromised system.
Adware: Malware that presents unwanted advertisements (ads) to the user. It is usually delivered via free downloads and can forcibly install software on your system.
Types of Malware
Botnet: A group of computers infected with the same malware (called bots), waiting to receive instructions from the command-and-control server controlled by the attacker.
The attacker can then issue a command to these bots, which can perform malicious activities such as DDoS attacks or sending spam emails.
Types of Malware
Rootkit: Malware that provides the attacker with privileged access to the infected system and conceals its presence or the presence of other software.
What Is Malware Analysis?
Malware analysis is the study of malware's behavior. The objective of malware analysis is to understand the working of malware and how to detect and eliminate it.
It involves analyzing the suspect binary in a safe environment to identify its characteristics and functionalities so that better defenses can be built to protect an organization's network.
Why Malware Analysis?
The primary motive behind performing malware analysis is to extract information from the malware sample, which can help in responding to a malware incident.
The goal of malware analysis is to determine the capability of malware, detect it, and contain it. It also helps in determining identifiable patterns that can be used to cure and prevent future infections.
Why Malware Analysis?
The following are some of the reasons why we perform malware analysis:
To determine the nature and purpose of the malware. For example, it can help you determine whether the malware is an information stealer, HTTP bot, spam bot, rootkit, keylogger, RAT, and so on.
To gain an understanding of how the system was compromised and its impact.
To identify the network indicators associated with the malware, which can then be used to detect similar infections using network monitoring. For example, if during your analysis you determine that a malware sample contacts a particular domain/IP address, you can use this domain/IP address to create a signature and monitor the network traffic to identify all the hosts contacting that domain/IP address.
To extract host-based indicators such as filenames and registry keys, which, in turn, can be used to determine similar infections using host-based monitoring. For instance, if you learn that a malware sample creates a registry key, you can use this registry key as an indicator to create a signature, or scan your network to identify the hosts that have the same registry key.
To determine the attacker's intention and motive. For instance, if during your analysis you find that the malware is stealing banking credentials, you can deduce that the motive of the attacker is monetary gain.
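The network-indicator and host-indicator reasons above both come down to matching extracted indicators against telemetry. As an added example (not from the original slides), this Python routine sweeps constructed DNS, connection and registry-event log lines for a constructed set of indicators; the domain, IP address, registry key and log format are all assumptions made for the illustration.

```python
"""Match network and host-based indicators against constructed telemetry."""
from ipaddress import ip_address

# Indicators assumed to have come out of an analysis session (constructed values).
IOC = {
    "domains": {"update-check.example.net"},   # contacted C2 domain
    "ips": {"203.0.113.45"},                    # contacted C2 address (TEST-NET-3 range)
    "registry_keys": {r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost_upd"},
}

# Constructed proxy/DNS and endpoint log lines in the form "<kind> <host> <value>".
SAMPLE_LOGS = """\
dns  ws-101  mail.example.org
dns  ws-102  cdn.update-check.example.net
conn ws-103  198.51.100.7
conn ws-104  203.0.113.45
reg  ws-102  HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svchost_upd
reg  ws-105  HKLM\\SYSTEM\\CurrentControlSet\\Services\\Tcpip
"""


def _domain_matches(seen: str, indicator: str) -> bool:
    """True if `seen` is the indicator domain itself or one of its subdomains."""
    seen = seen.lower().rstrip(".")
    indicator = indicator.lower().rstrip(".")
    return seen == indicator or seen.endswith("." + indicator)


def find_infected_hosts(logs: str, iocs: dict) -> dict:
    """Return {hostname: [matched indicators]} for every host that touched an IOC."""
    hits = {}
    for line in logs.splitlines():
        kind, host, value = line.split(maxsplit=2)
        matched = []
        if kind == "dns":
            matched = [d for d in iocs["domains"] if _domain_matches(value, d)]
        elif kind == "conn":
            matched = [i for i in iocs["ips"] if ip_address(value) == ip_address(i)]
        elif kind == "reg":
            # Registry paths are case-insensitive on Windows.
            matched = [k for k in iocs["registry_keys"] if value.lower() == k.lower()]
        if matched:
            hits.setdefault(host, []).extend(matched)
    return hits


if __name__ == "__main__":
    for host, indicators in sorted(find_infected_hosts(SAMPLE_LOGS, IOC).items()):
        print(host, "->", indicators)
```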
Types of Malware Analysis
1. Static analysis
2. Dynamic analysis (Behavioral analysis)
3. Code analysis
4. Memory analysis (Memory forensics)
Static analysis
Static analysis: This is the process of analyzing a binary without executing it. It is the easiest to perform and allows you to extract the metadata associated with the suspect binary. Static analysis might not reveal all the required information, but it can sometimes provide interesting information that helps in determining where to focus your subsequent analysis efforts.
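As an added example (not from the original slides), a small Python static-triage routine that does what the paragraph describes without executing anything: it hashes the file, checks the PE magic values and reads the COFF header for architecture and compile timestamp, and pulls printable strings. The buffer it inspects is constructed in-line and is not a real executable; the embedded URL and registry path are made-up sample values.

```python
"""Static triage of a suspect file: hashes, file type by magic, header metadata, strings."""
import hashlib
import re
import struct
from typing import List, Optional

MACHINE = {0x14C: "x86", 0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}


def build_sample() -> bytes:
    """Constructed PE-shaped buffer: DOS header 'MZ', e_lfanew at 0x3C, then 'PE\\0\\0' + COFF header."""
    dos = bytearray(b"MZ" + b"\x00" * 62)
    struct.pack_into("<I", dos, 0x3C, 0x40)              # e_lfanew -> PE signature at 0x40
    pe_sig = b"PE\x00\x00"
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes).
    coff = struct.pack("<HHIIIHH", 0x8664, 3, 0x5F3E1A00, 0, 0, 0xF0, 0x22)
    embedded = (b"\x00http://update-check.example.net/cfg\x00"
                b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00")
    return bytes(dos) + pe_sig + coff + embedded


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 digests, the usual identifiers for a sample."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def pe_metadata(data: bytes) -> Optional[dict]:
    """Parse just enough of the PE header to identify architecture and timestamp."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None
    machine, nsections, timestamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    return {"machine": MACHINE.get(machine, hex(machine)),
            "sections": nsections, "timestamp": timestamp}


def strings(data: bytes, min_len: int = 6) -> List[str]:
    """Printable ASCII runs of at least min_len bytes, like the `strings` tool."""
    return [s.decode() for s in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


if __name__ == "__main__":
    sample = build_sample()
    print(file_hashes(sample))
    print(pe_metadata(sample))
    print(strings(sample))
```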
Dynamic analysis
Dynamic analysis (Behavioral analysis): This is the process of executing the suspect binary in an isolated environment and monitoring its behavior. This analysis technique is easy to perform and gives valuable insights into the activity of the binary during its execution. This analysis technique is useful but does not reveal all the functionalities.
Code analysis
Code analysis: An advanced technique that focuses on analyzing the code to understand the inner workings of the binary. This technique reveals information that is not possible to determine just from static and dynamic analysis. Code analysis is further divided into static code analysis and dynamic code analysis. Static code analysis involves disassembling the suspect binary and looking at the code to understand the program's behavior, whereas dynamic code analysis involves debugging the suspect binary in a controlled manner to understand its
Memory analysis
Memory analysis (Memory forensics): This is the technique of analyzing the computer's RAM for forensic artifacts. It is typically a forensic technique, but integrating it into your malware analysis will assist in gaining an understanding of the malware's behavior after infection. Memory analysis is especially useful to determine the stealth and evasive capabilities of the malware.