Sunday, 11 February 2018

Just another Malware Analysis Guide (3) - Tools and Samples


More example of tools usage and sample executable files.

Static analysis with CFF Explorer:
  • General Information
  • Check UPX
  • Disable ASLR
  • View Import Libraries
  • Modify Hex
  • Disassembly
  • More...

Static Analysis with PE Studio:
  • General Information
  • Indicators of Malicious
  • Check VirusTotal
  • DOS and File Headers
  • View Import Libraries
  • Strings
  • More...

Dynamic analysis with Process Explorer:
  • DEP Status
  • ASLR Enabled
  • Verified Signature
  • Virus Total
  • Process Network
  • TCP/IP
  • More...


Dynamic analysis with Process Hacker:
  • DEP Status
  • ASLR Enabled
  • Verified Signature
  • Service
  • Network
  • More...

Dynamic analysis with Autoruns:
  • One of the best tool for infected machine
  • Task Scheduler
  • Services
  • WMI
  • More...

Dynamic analysis with Sandbox, BSA and Wireshark:
  • Notice the new process, file, registry, import libraries and more...

 

View the network traffic from Wireshark


Dynamic analysis with Regshot:
  • Differentiate the before and after execution of malicious program/ script in registry



Sample executable files:
  1. Create File
  2. Write Registry
  3. Network Access 
Give a try on the sample executable files.
  1. What are the libraries called when create file, write new registry and network access?
  2. Is the executable file packed?
  3. What is the new created file name?
  4. What is the new created registry key and value?
  5. What is the connection made?

End of Just another Malware Analysis Guide (3) - Tools and Samples


Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)