
Malware Analysis 101

What is Malware Analysis?

Malware analysis is the study of the distinctive features, objectives, origins, and potential impact of malicious software and code, such as spyware, viruses, malvertising, and ransomware. It examines a sample's code and behaviour to understand what it does and how it differs from other samples and families.

This post is only an outline: the headline topics and a few of the techniques involved. It does not go deeper into the reverse engineering part.

Static Analysis

  • Check strings in the file (exe/bin)
    • strings
    • PeStudio
  • Check for suspicious OS API calls
    • PeStudio (import/export tables)
    • Speakeasy (emulates the sample and records the API calls it makes)
    • capa (matches API usage and code patterns to known capabilities)

Dynamic Analysis

  • Regshot (snapshot the registry and file system before and after running the sample, then diff)
  • Wireshark & protocol analysis
  • INetSim/FakeDNS (fake network services so the sample's C2 traffic can be observed offline)
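To show what INetSim/FakeDNS does at the protocol level, here is an added example (not code from the original post, and not the code of either tool): a minimal fake DNS server that parses every query the sample sends, logs the name, and answers A queries with a fixed IP so the sample's follow-on HTTP traffic can be captured in Wireshark. The address 10.0.0.1 is an assumed sinkhole host; the query used in the demonstration is constructed.

```python
import socket
import struct

FAKE_IP = "10.0.0.1"  # assumed address of the sinkhole/INetSim box


def parse_query(msg: bytes):
    """Parse a single-question DNS query; return (txid, qname, qtype, question_bytes)."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x8000:
        raise ValueError("QR bit set: this is a response, not a query")
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n & 0xC0:  # compression pointers are not valid in a query name
            raise ValueError("compression pointer in question name")
        labels.append(msg[pos:pos + n].decode("ascii", "replace"))
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return txid, ".".join(labels), qtype, msg[12:pos + 4]


def build_response(txid: int, question: bytes, qtype: int, ip: str = FAKE_IP, ttl: int = 60) -> bytes:
    """Answer A queries with the fake IP; other types get an empty NOERROR answer."""
    answer, ancount = b"", 0
    if qtype == 1:  # A record
        # 0xC00C = pointer to the name at offset 12 (the question we echo back)
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + socket.inet_aton(ip)
        ancount = 1
    # flags 0x8180: QR=1, RD=1, RA=1, RCODE=0
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, ancount, 0, 0)
    return header + question + answer


def build_query(txid: int, name: str, qtype: int = 1) -> bytes:
    """Encode a query the way a resolver would (used here to construct test input)."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)


def serve(bind: str = "0.0.0.0", port: int = 53, ip: str = FAKE_IP, log=print):
    """Blocking UDP loop: log every name the sample resolves and point it at `ip`."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    while True:
        msg, addr = sock.recvfrom(512)
        try:
            txid, qname, qtype, question = parse_query(msg)
        except ValueError as err:
            log(f"{addr[0]}: dropped malformed packet ({err})")
            continue
        log(f"{addr[0]} asked type {qtype} for {qname} -> {ip if qtype == 1 else 'no answer'}")
        sock.sendto(build_response(txid, question, qtype, ip), addr)


if __name__ == "__main__":
    serve()  # run only inside the isolated analysis network, never on a production host
```

The analysis VM's DNS must point at the host running `serve()`, and the same host should run fake HTTP/HTTPS listeners (which is what INetSim provides) so the sample proceeds past name resolution. Everything it then sends is the protocol analysis material for Wireshark.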

Reverse Engineering for Malware Capabilities

  • Loops (for/while/do-while)
  • If-else conditions / switch-case
  • Function prologue/epilogue
  • Windows API calls
  • API calls commonly abused by malware
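Recognising those constructs in a disassembly listing comes down to a handful of patterns: a conditional jump after a cmp/test is an if, a backward jump is a loop, push ebp / mov ebp, esp opens a frame and leave; ret (or mov esp, ebp / pop ebp / ret) closes it. The block below is an added example, not code from the original post: a small pattern matcher over text listings in the address/mnemonic/operands format that objdump, IDA and Ghidra print. The listing it runs on is constructed for the example (a counted loop that calls IsDebuggerPresent), not taken from a real sample.

```python
import re

# "ADDRESS[:]  MNEMONIC  OPERANDS", as printed by objdump/IDA/Ghidra listings
LINE_RE = re.compile(r"^\s*([0-9A-Fa-f]+):?\s+(\w+)\s*(.*?)\s*$")
COND_JUMPS = {"je", "jne", "jz", "jnz", "jl", "jle", "jg", "jge",
              "jb", "jbe", "ja", "jae", "js", "jns", "jc", "jnc"}
# direct targets: "00401025", "0x401025", "short loc_401025", "401025h"
TARGET_RE = re.compile(r"(?:(?:short|near)\s+)?(?:loc_|sub_|0x)?([0-9a-f]+)h?")


def parse_listing(text: str):
    """Turn listing lines into (address, mnemonic, operands) tuples."""
    insns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            addr, mnem, ops = m.groups()
            insns.append((int(addr, 16), mnem.lower(), ops))
    return insns


def find_structures(insns):
    """Return (address, kind, detail) for prologues, epilogues, branches, loops and calls."""
    out = []

    def at(i):  # (addr, mnem, ops) or an empty placeholder past either end
        return insns[i] if 0 <= i < len(insns) else (None, "", "")

    def compact(i):
        return at(i)[2].lower().replace(" ", "")

    for i, (addr, mnem, ops) in enumerate(insns):
        ol = ops.lower()
        # push ebp / mov ebp, esp opens a frame-pointer-based 32-bit function
        if mnem == "push" and ol == "ebp" and at(i + 1)[1] == "mov" and compact(i + 1) == "ebp,esp":
            out.append((addr, "prologue", "push ebp; mov ebp, esp"))
        # leave; ret  or  mov esp, ebp; pop ebp; ret  closes it
        elif mnem == "leave" and at(i + 1)[1] == "ret":
            out.append((addr, "epilogue", "leave; ret"))
        elif (mnem == "mov" and compact(i) == "esp,ebp"
              and at(i + 1)[1] == "pop" and compact(i + 1) == "ebp" and at(i + 2)[1] == "ret"):
            out.append((addr, "epilogue", "mov esp, ebp; pop ebp; ret"))
        elif mnem == "call":
            out.append((addr, "call", ops))  # API name or target; resolve imports separately
        elif mnem in COND_JUMPS or mnem in ("jmp", "loop"):
            t = TARGET_RE.fullmatch(ol)
            if not t:  # jmp eax / jmp [table+ecx*4]: a switch table or obfuscation
                out.append((addr, "indirect jump", ops))
                continue
            target = int(t.group(1), 16)
            if target <= addr:
                out.append((addr, "loop", f"backward jump to {target:#x}"))
            elif mnem in COND_JUMPS:
                prev = at(i - 1)
                cond = f"{prev[1]} {prev[2]}".strip() if prev[1] in ("cmp", "test") else "?"
                out.append((addr, "branch", f"{mnem} on '{cond}' to {target:#x}"))
    return out


# Constructed listing, not from a real sample: a counter loop that calls
# IsDebuggerPresent ten times and bails out early if a debugger is attached.
LISTING = """
00401000  push ebp
00401001  mov  ebp, esp
00401003  sub  esp, 8
00401006  mov  dword ptr [ebp-4], 0
0040100D  cmp  dword ptr [ebp-4], 0Ah
00401011  jge  00401025
00401013  call IsDebuggerPresent
00401018  test eax, eax
0040101A  jz   00401020
0040101C  xor  eax, eax
0040101E  jmp  00401025
00401020  inc  dword ptr [ebp-4]
00401023  jmp  0040100D
00401025  mov  esp, ebp
00401027  pop  ebp
00401028  ret
"""

if __name__ == "__main__":
    for addr, kind, detail in find_structures(parse_listing(LISTING)):
        print(f"{addr:08x}  {kind:14} {detail}")
```

The matcher only recognises the 32-bit frame-pointer convention; 64-bit code compiled with frame-pointer omission has no push ebp / mov ebp, esp pair and is found from the call and ret instructions instead.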

Malicious document analysis

  • PDF
    • pdfid
    • pdf-parser.py
  • Office and VBA (legacy formats are OLE2 containers; OOXML is a ZIP that can embed an OLE vbaProject.bin)
    • VBA dump (e.g. olevba)
    • OLE dump (e.g. oledump.py)
  • JavaScript analysis
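The first step for both PDF and Office files is a triage pass on the raw bytes before opening anything. The block below is an added example, not code from the original post or from pdfid, pdf-parser.py, olevba or oledump.py: it dispatches on the file's magic, counts the pdfid-style keywords in a PDF after folding hex-escaped names (/J#53 is the same name as /JS, a common trick against naive grep), and for Office files checks the container type, whether an OOXML package carries a vbaProject.bin, and whether that part is itself an OLE file containing a _VBA_PROJECT stream. The PDF and the .docm-style ZIP it runs on are constructed inline; the _VBA_PROJECT byte search is a heuristic standing in for a real OLE directory walk.

```python
import io
import re
import zipfile

# Names pdfid counts; JavaScript and auto-run actions are the ones that matter most
PDF_KEYWORDS = [b"/JS", b"/JavaScript", b"/OpenAction", b"/AA", b"/Launch",
                b"/EmbeddedFile", b"/XFA", b"/ObjStm"]
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"    # compound file (OLE2) header
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # OLE directory names are UTF-16LE


def normalize_pdf_names(data: bytes) -> bytes:
    """PDF names may hex-escape characters (/J#53 == /JS); fold them before counting."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)


def scan_pdf(data: bytes) -> dict:
    norm = normalize_pdf_names(data)
    counts = {kw.decode(): len(re.findall(re.escape(kw) + rb"(?![A-Za-z])", norm))
              for kw in PDF_KEYWORDS}
    counts["obj"] = len(re.findall(rb"\d+\s+\d+\s+obj\b", norm))
    counts["stream"] = len(re.findall(rb"\bstream\b", norm))  # 'endstream' is not matched
    return counts


def scan_ole(data: bytes) -> dict:
    # Heuristic: a real parser (oledump.py) walks the directory; finding the UTF-16
    # stream name is enough to decide whether the file deserves that step.
    return {"has_vba_project": VBA_STREAM in data}


def scan_ooxml(data: bytes) -> dict:
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        ctypes = z.read("[Content_Types].xml") if "[Content_Types].xml" in names else b""
        vba_parts = [n for n in names if n.lower().endswith("vbaproject.bin")]
        parts = {n: z.read(n) for n in vba_parts}
    return {
        "macro_enabled_content_type": b"macroEnabled" in ctypes,
        "vba_parts": vba_parts,
        # the macro part is itself an OLE container inside the ZIP: Zip(OOXML(OLE))
        "vba_part_is_ole": bool(parts) and all(p.startswith(OLE_MAGIC) for p in parts.values()),
        "has_vba_project": any(VBA_STREAM in p for p in parts.values()),
    }


def triage(data: bytes):
    """Dispatch on the file's magic, not its extension, which the attacker controls."""
    if data.startswith(b"%PDF"):
        return "pdf", scan_pdf(data)
    if data.startswith(OLE_MAGIC):
        return "ole", scan_ole(data)
    if data.startswith(b"PK\x03\x04"):
        return "ooxml", scan_ooxml(data)
    return "unknown", {}


# Constructed PDF: an OpenAction pointing at a JavaScript action whose /JS key
# is hex-escaped as /J#53. Not a real malicious document.
PDF_SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /S /JavaScript /J#53 (app.alert(1)) >>\nendobj\n"
    b"3 0 obj\n<< /Length 5 >>\nstream\nhello\nendstream\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)


def make_ooxml_sample() -> bytes:
    """Constructed macro-enabled package: a ZIP with a stand-in OLE vbaProject.bin."""
    vba_bin = OLE_MAGIC + b"\x00" * 504 + VBA_STREAM + b"\x00" * 64
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml",
                   '<Types><Override PartName="/word/document.xml" '
                   'ContentType="application/vnd.ms-word.document.macroEnabled.main+xml"/></Types>')
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/vbaProject.bin", vba_bin)
    return buf.getvalue()


if __name__ == "__main__":
    print(triage(PDF_SAMPLE))
    print(triage(make_ooxml_sample()))
```

A non-zero /JS, /JavaScript, /OpenAction or /AA count is the cue to pull the object with pdf-parser.py; a vbaProject.bin that is a valid OLE file is the cue to run olevba or oledump.py on that part rather than on the ZIP itself.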
This post is licensed under CC BY 4.0 by the author.