Basic Analysis-Malware Analysis-Fall2015

This document provides an overview of basic malware analysis techniques. It discusses using a virtual machine for malware analysis which provides safety, consistency and the ability to revert to earlier snapshots. It covers static analysis which analyzes a sample without executing code to infer functionality. Dynamic analysis analyzes what happens when a sample is executed, such as files created or websites contacted. Hands-on analysis of samples is recommended using tools available in the virtual machine. Related readings from the book "Practical Malware Analysis" are referenced for further study.

Basic Analysis

Malware Analysis
CSCI 4976 - Fall 2015
Branden Clark

RPISEC - 08/29/2014 Meeting Title 1


Overview
• Your malware analysis VM
• Static Analysis
• Dynamic Analysis



Virtual Machines
• What is a virtual machine?
–Simply, a computer in your computer
–Really, a (usually) segregated virtual environment that emulates real hardware
•There are different types/methods that we’ll discuss later



Virtual Machines
• Why are we using a virtual machine?
–Safety, reliability, consistency, it’s easy
–Keep the malware in a contained environment
•Containment is only as good as the VM’s settings: use a host-only (or no) network adapter and turn off shared folders, clipboard sharing and drag-and-drop before running a sample
–Snapshots
•Completely revert the VM (disk and memory) to an earlier state
•If things go bad, restore the snapshot; the one thing a snapshot can’t undo is network traffic the sample already sent



Virtual Machines
• What’s in mine?
–Free Microsoft IE testing VM license
–Lots of free tools pre-installed for you (C:\tools)
•Common ones are linked on the desktop
•Symlinks to the desktop and tools directory in the Cygwin home dir
•Debuggers, disassemblers, analyzers, unpackers, compilers… the list goes on
•You’ll know them all soon enough!



Overview
• Your malware analysis VM
• Static Analysis
• Dynamic Analysis



Static Analysis
• Analyzing a sample without executing any code
• Safe(r): nothing runs, but the file is still live malware, so it stays in the VM
• Infer functionality from what the file contains (strings, imports, headers)
• Provides good pointers to guide dynamic and advanced analysis
• Lots of tools involved!



Static Analysis
• Can be an easy way to find signatures
–Hashes, URLs, filenames, registry keys, imported API names
•But it’s not always so easy!
–Packed or obfuscated samples hide most of this until they are unpacked or run
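The two Static Analysis slides above describe the basic static checks in words; the script below does them in code. It is an added example written for these notes, not code from the slides or the course VM, and it runs on a constructed byte string (SAMPLE, a fake PE-shaped blob, not a real binary) so it works offline. It fingerprints the file, confirms the PE signature, pulls ASCII and UTF-16LE strings (Windows binaries keep many paths and registry keys in UTF-16, which plain `strings` misses), sorts the strings into the indicator types the slide lists, and uses byte entropy plus UPX section names as a crude "is this packed?" check for the "not always so easy" case. Point analyze() at real file bytes to use it on a sample; the indicator regexes are deliberately simple and are an assumption, not an exhaustive set.

```python
import hashlib
import math
import re
import struct

# Constructed sample: NOT a real binary. A byte string shaped like the start of
# a PE file (MZ header, e_lfanew pointing at "PE\0\0") followed by the kinds of
# strings basic static analysis looks for, in ASCII and in UTF-16LE.
SAMPLE = (
    b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x80)   # e_lfanew lives at offset 0x3C
    + b"\x00" * 64                                    # pad so "PE\0\0" sits at 0x80
    + b"PE\x00\x00" + b"\x00" * 20
    + b"kernel32.dll\x00CreateFileA\x00WriteFile\x00"
    + b"http://evil.example/update.php\x00"
    + b"C:\\Windows\\System32\\svchost32.exe\x00\x00"
    + "Software\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16le")
    + b"\x00\x00UPX0\x00"
)

ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")

# Hypothetical, minimal patterns for the indicator types named on the slide.
INDICATOR_PATTERNS = {
    "urls": re.compile(r"https?://\S+"),
    "paths": re.compile(r"^[A-Za-z]:\\"),
    "registry": re.compile(r"^(HKEY_|HKLM|HKCU|HKCR|Software\\)", re.I),
    "dlls": re.compile(r"\.dll$", re.I),
    "packer_hints": re.compile(r"^UPX[0-9!]$"),   # UPX section names / marker
}


def hashes(data: bytes) -> dict:
    """Fingerprints for your notes and for hash lookups (e.g. VirusTotal)."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def is_pe(data: bytes) -> bool:
    """Check the DOS 'MZ' signature and the 'PE\\0\\0' signature at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def extract_strings(data: bytes, min_len: int = 4):
    """Like `strings`, but also returns UTF-16LE runs. Yields (offset, encoding, text)."""
    found = []
    for m in ASCII_RUN.finditer(data):
        if len(m.group()) >= min_len:
            found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in UTF16_RUN.finditer(data):
        text = m.group().decode("utf-16le")
        if len(text) >= min_len:
            found.append((m.start(), "utf-16le", text))
    return sorted(found)


def find_indicators(strings) -> dict:
    """Bucket extracted strings by indicator type; a string may land in several."""
    hits = {name: [] for name in INDICATOR_PATTERNS}
    for _offset, _encoding, text in strings:
        for name, pattern in INDICATOR_PATTERNS.items():
            if pattern.search(text):
                hits[name].append(text)
    return hits


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; values near 8.0 usually mean packed or encrypted."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def analyze(data: bytes) -> dict:
    """Run every basic static check and return one report dict."""
    strings = extract_strings(data)
    report = {
        "is_pe": is_pe(data),
        "size": len(data),
        "entropy": round(entropy(data), 2),
        "strings": [text for _, _, text in strings],
        "indicators": find_indicators(strings),
    }
    report.update(hashes(data))
    # Either signal is enough to expect that strings/imports are hidden until unpacking.
    report["likely_packed"] = report["entropy"] > 7.0 or bool(report["indicators"]["packer_hints"])
    return report


if __name__ == "__main__":
    import json
    print(json.dumps(analyze(SAMPLE), indent=2))
```

On a real sample, expect the reverse of the constructed case: a packed file shows high entropy, almost no useful strings and a tiny import table, which is exactly the hint to move on to unpacking or dynamic analysis.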



Hands on
• VM time!

If your VM isn’t working, don’t worry. Just jot down the tools and the process. We’ll resolve any issues and review at office hours!



Overview
• Your malware analysis VM
• Static Analysis
• Dynamic Analysis



Dynamic Analysis
• Analyze what happens when the sample is executed
• Are files made, processes created, websites contacted, files downloaded/executed, etc.?
• Shows you the effect the malware has on the system/network
• Start your monitoring tools before running the sample, and run it from a clean snapshot so the only changes you see are the sample’s
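The slide lists the questions dynamic analysis answers (files made, processes created, hosts contacted); the script below turns a Process Monitor CSV export into exactly that list. It is an added example written for these notes, not code from the slides or from the course VM, and the capture it parses (PROCMON_CSV) is constructed by hand to mimic a dropper that writes a copy of itself to %TEMP%, sets a Run key, launches the copy and phones home; it is not a recording of a real sample. The script follows the sample's PID and every child it spawns (so activity by the dropped copy is attributed to the sample, while explorer.exe noise is skipped) and sorts events into files written, persistence keys, processes created and remote endpoints. The operation names and the column layout are Procmon's; the access-mask and Run-key regexes are this example's own assumptions.

```python
import csv
import io
import re

# Constructed Procmon CSV export (File > Save... as CSV). Hand-written, not a
# real capture: a dropper copies itself to %TEMP%, persists via a Run key,
# launches the copy, and the copy connects out. The explorer.exe row is noise.
PROCMON_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"1:02:03.1234567 PM","sample.exe","1234","CreateFile","C:\Users\analyst\AppData\Local\Temp\svchost32.exe","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: Create"
"1:02:03.2234567 PM","sample.exe","1234","WriteFile","C:\Users\analyst\AppData\Local\Temp\svchost32.exe","SUCCESS","Offset: 0, Length: 65,536"
"1:02:03.3234567 PM","sample.exe","1234","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost32","SUCCESS","Type: REG_SZ, Length: 88, Data: C:\Users\analyst\AppData\Local\Temp\svchost32.exe"
"1:02:03.4234567 PM","sample.exe","1234","Process Create","C:\Users\analyst\AppData\Local\Temp\svchost32.exe","SUCCESS","PID: 2345, Command line: ""C:\Users\analyst\AppData\Local\Temp\svchost32.exe"" /install"
"1:02:04.0234567 PM","svchost32.exe","2345","TCP Connect","analyst-vm:49200 -> 203.0.113.10:443","SUCCESS","Length: 0, mss: 1460"
"1:02:04.1234567 PM","svchost32.exe","2345","CreateFile","C:\Windows\System32\ntdll.dll","SUCCESS","Desired Access: Read Attributes"
"1:02:04.2234567 PM","explorer.exe","888","CreateFile","C:\Users\analyst\Desktop","SUCCESS","Desired Access: Read Data/List Directory"
'''

# Assumed patterns: a CreateFile counts as a write if it asked for write access,
# a child PID is read from Procmon's "PID: n" detail, and Run/RunOnce keys are
# treated as persistence.
WRITE_ACCESS = re.compile(r"Generic Write|Write Data|Generic All")
CHILD_PID = re.compile(r"PID:\s*(\d+)")
RUN_KEYS = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.I)


def _add(seq: list, item) -> None:
    """Append without duplicates, keeping first-seen order (CreateFile + WriteFile -> one path)."""
    if item not in seq:
        seq.append(item)


def summarize_procmon(csv_text: str, root_pid: int) -> dict:
    """Follow the sample's PID and every child it spawns, and sort their events
    into what was written, what persists, what ran, and who was contacted."""
    tracked = {root_pid}
    summary = {
        "pids": tracked,
        "files_written": [],
        "registry_set": [],
        "persistence": [],
        "processes_created": [],
        "network": [],
    }
    for row in csv.DictReader(io.StringIO(csv_text)):
        pid = int(row["PID"])
        if pid not in tracked:
            continue                       # not the sample or one of its children
        op, path, detail = row["Operation"], row["Path"], row["Detail"]
        if op == "Process Create":
            match = CHILD_PID.search(detail)
            child = int(match.group(1)) if match else None
            if child is not None:
                tracked.add(child)         # later rows from the child belong to the sample
            _add(summary["processes_created"], (child, path))
        elif op == "WriteFile" or (op == "CreateFile" and WRITE_ACCESS.search(detail)):
            _add(summary["files_written"], path)
        elif op == "RegSetValue":
            _add(summary["registry_set"], path)
            if RUN_KEYS.search(path):
                _add(summary["persistence"], path)
        elif op in ("TCP Connect", "TCP Send", "UDP Send"):
            _add(summary["network"], path.split(" -> ")[-1])   # "local -> remote"
    return summary


if __name__ == "__main__":
    for key, value in summarize_procmon(PROCMON_CSV, root_pid=1234).items():
        print(f"{key}: {value}")
```

The same grouping works on a real export: filter Procmon to the sample's process tree, save as CSV, and diff the result against a run of a known-clean program to see what the sample alone changed.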



Hands on
• VM time!

If your VM isn’t working, don’t worry. Just jot down the tools and the process. We’ll resolve any issues and review at office hours!



Lab
• Friday 09/04, same place same time
• Problems will be similar to those you saw today
• Must answer a few questions about each sample
–See the PMA chapter labs for examples



Additional Material
• Related Readings:
– Practical Malware Analysis
• Chapter 1. Basic Static Analysis
• Chapter 2. Malware Analysis in Virtual Machines
• Chapter 3. Basic Dynamic Analysis

The chapter outlines make a great reference

Malware - 09/01/2015 Introduction 14


References
1. Sikorski, Michael, and Andrew Honig. Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software. San Francisco: No Starch Press, 2012. Print.

Malware - 09/08/2015 Advanced Static Analysis 15
