Malware Analysis

  1. Basic Static Analysis
    1. Analyzing without Execution
      1. Goals and Limitations
      2. Safety Considerations
    2. File Identification and Hashing
      1. File Type Identification
        1. File Extensions
        2. Magic Numbers
        3. MIME Types
      2. Hashing Algorithms
        1. MD5
        2. SHA-1
        3. SHA-256
        4. SHA-512
      3. Fuzzy Hashing
        1. ssdeep
        2. TLSH
        3. Use Cases in Malware Analysis
    3. String Extraction
      1. ASCII Strings
      2. Unicode Strings
      3. Wide Character Strings
      4. String Extraction Tools
        1. strings (Linux/Unix)
        2. BinText
        3. FLOSS
      5. Identifying Interesting Strings
        1. IP Addresses and Domains
        2. File Paths
        3. Registry Keys
        4. User-Agents
        5. Error Messages
        6. URLs and Email Addresses
        7. Cryptographic Constants
    4. Examining File Headers
      1. Portable Executable (PE) Format (Windows)
        1. PE Structure Overview
        2. DOS Header
        3. NT Headers
        4. PE Sections
          1. .text Section
          2. .data Section
          3. .rsrc Section
          4. .reloc Section
          5. Custom Sections
        5. Import Address Table (IAT)
        6. Export Address Table (EAT)
        7. Timestamps
        8. Digital Signatures
        9. Version Information
      2. Executable and Linkable Format (ELF) (Linux)
        1. ELF Structure Overview
        2. ELF Header
        3. Program Headers
        4. Section Headers
        5. Symbol Tables
        6. String Tables
    5. Identifying Packers and Obfuscators
      1. Common Packers
        1. UPX
        2. ASPack
        3. PECompact
        4. Themida
      2. Packer Detection Tools
        1. PEiD
        2. Detect It Easy (DIE)
        3. ExeInfo PE
        4. Automated Detection
      3. Entropy Analysis
        1. Calculating Entropy
        2. Interpreting Results
        3. High Entropy Indicators
    6. Analyzing Embedded Resources and Metadata
      1. Resource Extraction
        1. Icons and Images
        2. Version Information
        3. Manifest Files
      2. Metadata Analysis
        1. Compilation Timestamps
        2. Compiler Information
        3. Debug Information
      3. Embedded Files and Objects
        1. Extracting Embedded Executables
        2. Configuration Data
        3. Certificates