Practical Malware Analysis (Introduction)

Arslan Sabir, published in System Weakness, Feb 8, 2022 (2 min read)

Malware is a file or code, typically delivered over a network, that infects, explores, steals, or carries out virtually any behavior an attacker wants. Malware can infect devices and networks, and it can exploit security defects (security bugs or vulnerabilities) in the operating system, in applications (such as a browser), and so on. Common types of malware include:

  • Virus
  • Adware
  • Rootkit
  • Spyware
  • Ransomware
  • Trojan horse
  • Remote access
  • Worm
  • Keylogger

Malware Analysis

What is malware analysis? Malware analysis is the process of understanding the behavior and purpose of a suspicious file or URL, and the potential impact of different types of malicious software (malware) and code. The output of the process helps in detecting and mitigating any potential threat. Some key benefits of malware analysis are:

  • Assesses the damage caused by the malware
  • Identifies the source of the attack
  • Identifies the vulnerability the malware exploits and how far it is exploited, so that the vulnerability can be patched accordingly
  • Reveals hidden indicators of compromise that need to be blocked
  • Improves the effectiveness of indicators of compromise, alerting and notification

TYPES OF MALWARE ANALYSIS

Static malware analysis

  • Analyzing malware without executing it.
  • Components and properties are analyzed without running the code.
  • Static malware analysis is a signature-based approach to malware detection and analysis.
  • The malware binary can be reverse-engineered using a disassembler.
  • Static malware analysis involves techniques such as virus scanning, fingerprinting, memory dumping, etc.

Dynamic malware analysis

  • Analyzing the behavior of malware by executing it within a safe, isolated environment called a sandbox.
  • Components and behavior are observed while the code is running.
  • Dynamic malware analysis is a behavior-based approach to malware detection and analysis.
  • The malware binary can be reverse-engineered using disassemblers and debuggers to understand and control certain aspects of the program while it executes.
  • Dynamic malware analysis monitors registry changes, API calls, memory writes, etc.
  • It is more effective and provides a higher detection rate than static analysis.

Hybrid Analysis

  • Hybrid analysis combines static and dynamic techniques to provide the best of both approaches.
  • It can detect malicious code that is trying to hide, and then extract many more indicators of compromise (IOCs) by statically analyzing previously unseen code.
  • Hybrid analysis helps detect unknown threats, even those from the most sophisticated malware.

Now we will start analyzing malware using different techniques. We will look at different types of malware, such as malicious .PDF and .xls files.
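The static techniques listed above (fingerprinting, type identification, string extraction) applied to the kind of document samples the next posts cover, as an added example written for this edit and not code from the original post. The magic-byte table, the PDF keyword list and the sample PDF are constructed for illustration; the sample is not a real malware file.

```python
import hashlib
import re

# Magic-byte signatures for the file types the post mentions (PDF, legacy .xls
# as an OLE2 container, modern Office/zip containers) plus Windows executables.
# Constructed table for this example; identification uses content, not extension.
MAGIC = [
    (b"%PDF", "PDF document"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound document (.xls/.doc)"),
    (b"PK\x03\x04", "ZIP container (.xlsx/.docx/.jar)"),
    (b"MZ", "Windows PE executable"),
]

# PDF dictionary keys that commonly mean active content and deserve a closer look.
PDF_KEYWORDS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch", b"/EmbeddedFile")


def identify_type(data: bytes) -> str:
    """Fingerprint the file type from its leading bytes."""
    for sig, name in MAGIC:
        if data.startswith(sig):
            return name
    return "unknown"


def extract_strings(data: bytes, min_len: int = 6) -> list:
    """Pull printable ASCII runs, the classic first static-analysis step."""
    return [s.decode("ascii") for s in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def static_triage(data: bytes) -> dict:
    """Static triage without execution: hash, type, strings and simple indicators."""
    report = {
        "sha256": hashlib.sha256(data).hexdigest(),   # fingerprint for lookups/blocklists
        "type": identify_type(data),
        "strings": extract_strings(data),
        "indicators": [],
    }
    if report["type"].startswith("PDF"):
        report["indicators"] += [k.decode() for k in PDF_KEYWORDS if k in data]
    # Embedded URLs in any file type are candidate network IOCs.
    report["indicators"] += re.findall(r"https?://[\w./-]+", " ".join(report["strings"]))
    return report


# Constructed sample: a minimal PDF whose OpenAction runs JavaScript that references
# a placeholder URL (example.invalid is a reserved, non-resolving domain).
SAMPLE_PDF = (
    b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
    b"2 0 obj << /S /JavaScript /JS (app.launchURL('http://example.invalid/payload')) >> endobj\n"
    b"%%EOF\n"
)
```

Running `static_triage(SAMPLE_PDF)` yields the file hash, the type "PDF document", three extracted strings, and the indicators `/JavaScript`, `/JS`, `/OpenAction` and the embedded URL, all without opening the document in a viewer.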
