CT-19005 - Lab 3 - Malware Analysis

This document summarizes the malware analysis lab session where students analyzed a malicious file. The file was first uploaded to VirusTotal for scanning by multiple antivirus programs. Various tools were then used to analyze the file statically without executing it, including PEiD to identify the file type and creator, and PEStudio to find blacklisted strings, functions, and behaviors like file mapping and API calls. Key details about the malware's development environment and subsystems were revealed through static analysis.

Uploaded by

RAMESH KUMAR
Copyright
© All Rights Reserved

Lab Session 03

Malware Analysis
INTRODUCTION:
Malware analysis involves examining the actions and intentions of a suspicious file or URL. In
the lab, we conducted malware analysis within a secure and separate environment. To start with:

1. Choose a dedicated machine
2. Install a VM
3. Install a malware analysis environment, e.g., REMnux, Cuckoo or FLARE VM

Analysis using VirusTotal:

The malware file was obtained from GitHub and subsequently uploaded to the VirusTotal
website for analysis. Several screenshots displaying the analysis conducted by VirusTotal are
provided below.
The malware performed the following actions on the machine according to VirusTotal:
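The VirusTotal step above uploads the file. As an added example (not part of the lab report), the helper below computes the file's hashes locally so the sample can first be looked up by SHA-256 through the VirusTotal v3 files endpoint, and then summarises a report in the shape that endpoint returns. The report dictionary is a constructed stand-in with invented engine names, not a real VirusTotal response, and no network call is made.

```python
import hashlib

# Added example: hash-first VirusTotal triage. The report below is constructed to mirror
# the v3 "files" object layout (last_analysis_stats / last_analysis_results); it is not real data.

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{sha256}"


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the sample, computed locally."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def lookup_url(data: bytes) -> str:
    """Look the hash up before uploading: an upload hands the sample to a third party,
    while a hash query reveals nothing about the file's contents."""
    return VT_FILE_URL.format(sha256=file_hashes(data)["sha256"])


def summarize(report: dict) -> dict:
    """Reduce a v3 file report to the numbers an analyst writes down."""
    attrs = report["data"]["attributes"]
    stats = attrs["last_analysis_stats"]
    total = sum(stats.values())          # denominator = every engine that returned a verdict category
    results = attrs["last_analysis_results"]
    flagged = {
        engine: r["result"]
        for engine, r in results.items()
        if r["category"] in ("malicious", "suspicious")
    }
    return {
        "ratio": f"{stats.get('malicious', 0)}/{total}",
        "flagged_engines": sorted(flagged),
        "labels": sorted({label for label in flagged.values() if label}),
    }


# Constructed sample bytes and constructed report (invented engines and labels).
SAMPLE_BYTES = b"MZ constructed sample bytes, not a real executable\n"
SAMPLE_REPORT = {
    "data": {
        "type": "file",
        "id": "<sha256-placeholder>",
        "attributes": {
            "last_analysis_stats": {"malicious": 3, "suspicious": 1, "undetected": 2,
                                    "harmless": 0, "timeout": 0},
            "last_analysis_results": {
                "EngineA": {"category": "malicious", "result": "Trojan.Generic"},
                "EngineB": {"category": "malicious", "result": "Trojan.Generic"},
                "EngineC": {"category": "malicious", "result": "Win32.Agent"},
                "EngineD": {"category": "suspicious", "result": "Heuristic"},
                "EngineE": {"category": "undetected", "result": None},
                "EngineF": {"category": "undetected", "result": None},
            },
        },
    }
}

if __name__ == "__main__":
    print("lookup:", lookup_url(SAMPLE_BYTES))
    print("summary:", summarize(SAMPLE_REPORT))
```

Note that the detection ratio is computed from `last_analysis_stats`, not by counting engines by hand, and that differing family labels across engines (as in the constructed report) are normal and worth recording alongside the ratio.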

Static Analysis using PEiD:

PEiD, an open-source detection tool, is utilized for cross-checking and conducting a static
analysis of a given file. The analysis using PEiD revealed the following key information about
the malware:

- Development Environment: The malware was developed using Microsoft Visual C++.
- File Type: It is a Win32 executable file.
- Creation Date: The file was created on December 19, 2010.
- Entry Point Section: The entry point section of the file is ".text".
- Subsystem: The malware is designed to function within a console subsystem.
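Every item PEiD reported above except the compiler name comes straight from the PE headers. As an added example (not part of the lab report or of PEiD), the parser below reads those fields with nothing but `struct`: the machine type, the build timestamp, the subsystem, and the section containing the entry point. PEiD identifies the compiler from byte signatures, which this example does not attempt; it only reports the linker version from the optional header as a hint. The input is a constructed, headers-only PE32 image built in `build_sample_pe`, with values chosen to mirror the lab's findings, not a real sample.

```python
import struct
from datetime import datetime, timezone

# Added example: minimal PE header reader for the facts PEiD shows
# (architecture, build timestamp, entry-point section, subsystem, linker version).

MACHINE = {0x14C: "x86 (i386)", 0x8664: "x64 (AMD64)", 0x1C0: "ARM", 0xAA64: "ARM64"}
MAGIC = {0x10B: "PE32", 0x20B: "PE32+"}
SUBSYSTEM = {1: "native", 2: "Windows GUI", 3: "Windows console (CUI)",
             9: "Windows CE GUI", 10: "EFI application"}


def parse_pe(data: bytes) -> dict:
    """Return the header facts for a PE image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)        # offset of the PE header
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")

    # COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = e_lfanew + 4
    machine, nsections, timestamp, _symtab, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff)

    # Optional header: Magic + linker version at offset 0, AddressOfEntryPoint at 16,
    # Subsystem at 68 (same offset in PE32 and PE32+).
    opt = coff + 20
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)

    # Section table follows the optional header; 40 bytes per IMAGE_SECTION_HEADER.
    table = opt + opt_size
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rawsize, _rawptr = struct.unpack_from("<8sIIII", data, table + i * 40)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, max(vsize, rawsize)))

    # AddressOfEntryPoint is an RVA: the entry section is the one whose virtual range holds it.
    entry_section = next((n for n, va, size in sections if va <= entry_rva < va + size), None)

    return {
        "machine": MACHINE.get(machine, hex(machine)),
        "format": MAGIC.get(magic, hex(magic)),
        "linker_version": f"{linker_major}.{linker_minor}",
        "compiled": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d"),
        "entry_rva": entry_rva,
        "entry_section": entry_section,
        "subsystem": SUBSYSTEM.get(subsystem, str(subsystem)),
        "sections": [n for n, _, _ in sections],
    }


def build_sample_pe() -> bytes:
    """Constructed, headers-only PE32 image for the demo (not a real sample, not runnable)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                  # e_lfanew: PE header right after DOS header
    ts = int(datetime(2010, 12, 19, tzinfo=timezone.utc).timestamp())
    coff = struct.pack("<HHIIIHH", 0x14C, 2, ts, 0, 0, 224, 0x0102)  # i386, 2 sections, PE32 opt size
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 6, 0)          # PE32, linker 6.0
    struct.pack_into("<I", opt, 16, 0x1234)                # AddressOfEntryPoint (RVA), inside .text
    struct.pack_into("<H", opt, 68, 3)                     # IMAGE_SUBSYSTEM_WINDOWS_CUI
    sec = "<8sIIIIIIHHI"
    text = struct.pack(sec, b".text", 0x1000, 0x1000, 0x1000, 0x400, 0, 0, 0, 0, 0x60000020)
    rdata = struct.pack(sec, b".rdata", 0x800, 0x2000, 0x800, 0x1400, 0, 0, 0, 0, 0x40000040)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text + rdata


if __name__ == "__main__":
    for key, value in parse_pe(build_sample_pe()).items():
        print(f"{key:>15}: {value}")
```

Two caveats a reviewer would want next to the PEiD bullets: the TimeDateStamp is writable by anyone with a hex editor, so the "creation date" is a claim the file makes about itself, and an entry point outside `.text` (or in the last section) is a common packer tell that this check surfaces directly.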

Static Analysis using PEStudio:

PEStudio is a tool used for assessing malware and analyzing file characteristics without
executing them. During the analysis of this particular malware, the following key findings were
observed:

- There were 69 strings that were identified as blacklisted.
- Six functions were flagged as blacklisted.
- The malware utilized File Mapping to store system file mappings.
- The FindClose function was employed to close backend files.
- The CreateFile function was used to create multiple files.
- The malware accessed Kernel32.dll, which provides various Win32 base APIs for
memory management, I/O operations, process and thread creation, and synchronization
functions.
- The malware also accessed Msvcrt.dll, which is a crucial file for applications developed
using Microsoft Visual Studio 6.0 and facilitates the proper functioning of programs
created with Microsoft Visual C++.
