Malware Analysis Jaimin Shah Krunal Patel Vishal Patel
- Slides: 16
Malware Analysis
Jaimin Shah & Krunal Patel, Vishal Patel & Shreyas Patel
Georgia Institute of Technology, School of Electrical and Computer Engineering

Objectives
- Analyzing a worm or a virus
- Provide a method to eliminate it
- How to prevent infection in the future?

Overview
- Introduction
  - Definition of malware
  - Techniques
- Lab scenario
  - Hands-on analysis of Beagle.J

Introduction to Malware
- How?
- Forms of malware
- Detection techniques

Forms of Malware
- Virus
- Trojans
- Worms
- Spyware
- Adware

Detection Techniques
- Integrity checking
- Static anti-virus (AV) scanners
  - Signature-based: strings, regular expressions
  - Static behavior analyzer
- Dynamic anti-virus scanners
  - Behavior monitors

Malware Analysis Techniques
- VMware
  - Multiple operating systems
  - Creates a network between host and guest systems
  - Self-contained files
  - Can transfer virtual machines to other PCs
  - .vmx: configuration file
  - .vmdk: image of the hard disk

Lab Scenario
- Static analysis
  - BinText: extracts strings from code
  - IDA Pro: disassembler, USD 399/user
  - UPX compression/decompression

BinText
- Extracts strings from executables
- Reveals clues:
  - IRC commands, SMTP commands, registry keys
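The BinText idea above, as an added Python example (not the slides' own code and not the BinText tool): extract printable ASCII and UTF-16LE strings from a constructed byte blob and flag the kinds of clues the slide lists (IRC commands, SMTP commands, a registry Run key). The clue patterns are illustrative assumptions, not a complete signature set.

```python
import re
from collections import defaultdict

# Constructed sample "binary": an MZ-style header, IRC/SMTP commands, a Run key
# and a UTF-16LE string, separated by non-printable bytes. Not a real executable.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    b"NICK bot123\r\nJOIN #chan\r\n\x01\x02"
    b"HELO mail.example.test\r\nMAIL FROM:<x@y>\r\nRCPT TO:\xff\xfe"
    b"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\x00\x00ab\x00\x00"
    b"h\x00e\x00l\x00l\x00o\x00"
)

MIN_LEN = 4
ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)          # printable ASCII runs
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)  # UTF-16LE runs

# Clue categories from the slide; the patterns are illustrative, not exhaustive.
CLUE_PATTERNS = {
    "irc": re.compile(r"^(NICK|JOIN|PRIVMSG|USER) ", re.I),
    "smtp": re.compile(r"^(HELO|EHLO|MAIL FROM|RCPT TO|DATA)\b", re.I),
    "registry": re.compile(r"(HKLM|HKCU|HKEY_|\\CurrentVersion\\Run)", re.I),
}


def extract_strings(data):
    """Return (offset, encoding, text) tuples, like BinText's ASCII/Unicode columns."""
    found = []
    for m in ASCII_RE.finditer(data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in UTF16_RE.finditer(data):
        found.append((m.start(), "utf16", m.group().decode("utf-16-le")))
    return sorted(found)


def classify(strings):
    """Group extracted strings by the kind of clue they suggest."""
    clues = defaultdict(list)
    for offset, _enc, text in strings:
        for label, pattern in CLUE_PATTERNS.items():
            if pattern.search(text):
                clues[label].append((offset, text))
    return dict(clues)


if __name__ == "__main__":
    strings = extract_strings(SAMPLE)
    for offset, enc, text in strings:
        print(f"{offset:08x} {enc:5} {text}")
    for label, hits in classify(strings).items():
        print(f"[{label}] {len(hits)} hit(s): {[t for _, t in hits]}")
```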
IDA Pro
- Disassembles executables into assembly instructions
- Easy-to-use interface
  - Separates subroutines, creates variable names, color-coded

UPX Decompression
- Executable packer commonly used by virus writers
- Can compress a wide range of files
  - Windows PE executables, DOS COM files, and many more
- To unpack:
  - upx.exe -d -o dest.exe source.exe
Decompressed Output
Process Observation Tools
- Process Explorer: monitor processes
- FileMon: monitor file operations
- RegMon: monitor operations on the registry
- Regshot: take a snapshot of the registry and files
- ProcDump: dump code from memory

Beagle.J Capabilities
- Registry/Run on startup
- Copies itself into folders containing "shared"
- Sends copies by email
- Backdoor

Conclusion
- As you have seen, there are various ways for an attacker to get malicious code to execute on remote computers
- We have only scratched the surface; there is much more to learn and discover

Questions?

References
- Images
  - http://www.microsoft.com
  - http://www.symantec.com
- Software
  - BinText – http://www.foundstone.com
  - IDA Pro – http://www.datarescue.com
  - UPX – http://upx.sourceforge.net