Malware Analysis


Kullanıcı1233 | Senior Member | 19 Jul 2011 | 4,371 | 12
Hi guys! In this post, I'll try to explain how to perform malware analysis, what the types of analysis are, what they are done for, and which software we can use.

These methods are my own ways of doing it, so I just wanna let you know the basic stuff. You'll improve your own way after that.

What is Malware Analysis?

Malware: short for malicious software. It is software that runs on our system without permission. For example: RAT, trojan, rootkit, ransomware, etc.

Malware analysis: as the name suggests, means detecting malicious software and files by analysing them. Antivirus software may not be enough in some situations; when that happens, you have to analyse the file yourself. And nowadays (I think I can say this) lots of viruses can bypass antivirus. Malware analysis is the best way to prevent it.

There are two types of malware analysis: static and dynamic analysis.

Static analysis: examining the malware by looking at its code without running it on the system.

Dynamic analysis: examining the malware's behaviour with various tools by running it on the system.

How to Perform Malware Analysis?

Now you have the basic technical background on malware analysis. It's time to see how to perform it.

The first step is to gather information about the file to analyse. There are lots of tools for this gathering step. As I said earlier, everyone has their own way, so I'm gonna explain the tools I've been using myself.

- PEiD
- DIE
- PE Insider
- CFF Explorer

PEiD

PEiD gives us some basic information about the file; in particular, we can learn which programming language it was developed in. It doesn't have many features beyond identifying the programming language, actually. Just drag and drop the file to analyse into the program; it's easy to use.

DIE

DIE (Detect It Easy) is more advanced than PEiD, and we can gather a lot more information about our file from it. Just like PEiD, drag and drop the file into DIE and look at the results.

CFF Explorer

After downloading CFF Explorer, install it and run it. Click 'Open' in the 'File' menu and choose the file to analyse.

Now we know some things about our target file. It's time to read its source code. If there is malware inside the file, we'll find out by analysing its source code.

I use dnSpy to read the source code. You can use different software, of course. Drag and drop the file into dnSpy to make it readable.

P.S. If the file has been obfuscated or packed (compressed), the source code may not be readable. You have to deobfuscate or unpack it first.
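As an added example (not part of the original post), the following Python script reads the PE headers to get the facts the tools above show: the architecture, whether the file is a .NET assembly (the kind dnSpy can decompile), and the entropy of each section as a hint that the file is packed or obfuscated. The sample PE bytes are constructed inline (header only, not a real program), and the 7.0 entropy threshold is an assumed rule of thumb.

```python
import math
import struct
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain code sits around 5-6.5, packed/encrypted data close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def inspect_pe(data: bytes) -> dict:
    """Read the PE headers for what PEiD/DIE show: arch, .NET CLR header, section entropy."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]              # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24                                               # optional header start
    magic = struct.unpack_from("<H", data, opt)[0]
    dd_off = opt + (96 if magic == 0x10B else 112)                  # PE32 vs PE32+ data directories
    ndirs = struct.unpack_from("<I", data, dd_off - 4)[0]
    # Directory 14 is the CLR runtime header; a non-zero RVA means a .NET assembly.
    clr_rva = struct.unpack_from("<I", data, dd_off + 14 * 8)[0] if ndirs > 14 else 0
    sections = []
    for i in range(nsec):
        name, _vsz, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, opt + opt_size + i * 40)
        chunk = data[raw_ptr:raw_ptr + raw_size]
        sections.append((name.rstrip(b"\0").decode(), round(shannon_entropy(chunk), 2)))
    return {
        "arch": {0x14C: "x86", 0x8664: "x64"}.get(machine, hex(machine)),
        "is_dotnet": clr_rva != 0,
        "sections": sections,
        "likely_packed": any(e > 7.0 for _, e in sections),        # assumed heuristic threshold
    }

def build_sample_pe(dotnet: bool, payload: bytes) -> bytes:
    """Constructed minimal PE32 with one .text section; headers only, not a runnable program."""
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)  # magic ... NumberOfRvaAndSizes
    dirs = [(0, 0)] * 16
    if dotnet:
        dirs[14] = (0x2008, 72)                                     # placeholder CLR header RVA/size
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x102)
    sec = struct.pack("<8sIIII", b".text", len(payload), 0x1000, len(payload), 512) + b"\0" * 16
    head = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0" + coff + opt + sec
    return head.ljust(512, b"\0") + payload
```

Run `inspect_pe` on the bytes of a real file to get the same summary; a high-entropy section on a file that shows no compiler signature in PEiD/DIE is the usual sign you need to unpack before dnSpy will show anything useful.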

That is static analysis: reading the file's source code. Now, how to perform dynamic analysis..

How to Perform Dynamic Analysis?

For dynamic analysis, you need to run the file in a Windows virtual machine or in Sandboxie.

Run the file and observe what happens to the system. If something starts running in the background without permission, it's malware.

Alternatively, open Wireshark first, then run the file and listen. We can find out whether it's malware by monitoring what happens on the network.

These are just the basics of malware analysis. Research more if you wanna go further. Take care!

Source: https://www.turkhackteam.org/zararli-yazilim-analizi/1744311-basit-malware-analizi-senzero.html

Translator: R4V3N