skinnyrelop.blogg.se

Anti malware tools

  • Disclaimer: The tools in this article should be used in a sandboxed environment such as a virtual machine designed for analyzing malware; do not attempt to analyze malware using these tools on your host operating system.

Malware Analysis Tools and Techniques

Before running the malware to monitor its behavior, my first step is to perform some static analysis of the malware. The tools used for this type of analysis won't execute the code; instead, they attempt to pull out suspicious indicators such as hashes, strings and imports, and to identify whether the malware is packed.

Once I have pulled out as much information as I can from my static tools and techniques, I then detonate the malware in a virtual machine specially built for running and analyzing malware. While the malware is running I use a number of tools to record its activity; this is known as dynamic analysis. When dynamically analyzing a sample I look for any unique characteristics that I can attribute to this piece of malware. This may include looking for files created, changes to the registry which may indicate the malware establishing persistence, or looking at network traffic to see what command and control (C2) infrastructure the malware calls out to.

My first port of call for analyzing a Windows executable is always PeStudio.
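As an added illustration of the static checks named above (hashes, strings and a packing heuristic), here is a small Python triage script; it is not from the original article, and the sample bytes, the `c2.example.invalid` URL and the entropy threshold are constructed assumptions.

```python
import hashlib
import math
import re

# Constructed stand-in for an executable: a few readable strings (DOS stub
# text, an imported API name, a URL) followed by a high-entropy byte run
# that plays the role of a packed section. It is not real malware.
SAMPLE = (
    b"MZ\x90\x00This program cannot be run in DOS mode.\r\n"
    b"kernel32.dll\x00CreateFileA\x00WriteFile\x00"
    b"http://c2.example.invalid/beacon\x00"
    + bytes((i * 73 + 11) % 256 for i in range(2048))
)


def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256: the identifiers used to look a sample up in threat intel."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def extract_strings(data: bytes, min_len: int = 6) -> list:
    """Runs of printable ASCII at least min_len long, like the `strings` utility."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte. Packed or encrypted content approaches 8.0; plain code sits well below."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_packed(data: bytes, threshold: float = 7.0) -> bool:
    """Assumed heuristic: whole-file entropy at or above the threshold suggests packing."""
    return shannon_entropy(data) >= threshold


def triage(data: bytes) -> dict:
    """Collect the static indicators described above into one report."""
    strings = extract_strings(data)
    return {
        "hashes": file_hashes(data),
        "strings": strings,
        "urls": [s for s in strings if s.startswith(("http://", "https://"))],
        "entropy": round(shannon_entropy(data), 3),
        "packed": looks_packed(data),
    }
```

A real packer check would look at entropy per PE section rather than the whole file, which is what PeStudio and similar tools report.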
