Introduction To Malware Analysis
Malware is an executable binary that is malicious in nature. Attackers use malware to perform a variety of malicious actions, such as spying on the target with keyloggers or RATs, deleting data, or encrypting data and holding it for “ransom”.
Types of Malware:
Malware is designed to perform malicious actions, and different types provide different functionality. Common types of malware are:
- Trojans –
Trojans can destroy or exfiltrate data and can also be used for spying.
- RATs –
A Remote Access Trojan allows an attacker to remotely access the system and execute commands on it.
- Ransomware –
Ransomware encrypts the files on the system and holds the system and its data for ransom.
- Droppers –
A dropper's function is to download or drop additional malware onto the system.
What is Malware Analysis?
Malware analysis is the study or process of determining the functionality, origin and potential impact of a given malware sample and extracting as much information from it as possible. The extracted information helps to understand the functionality and scope of the malware, how the system was infected, and how to defend against similar attacks in the future. Its goals include:
- Understanding the type of malware and its functionality.
- Determining how the system was infected and whether it was a targeted attack or a phishing attack.
- Learning how the malware communicates with the attacker.
- Enabling future detection of the malware and generating signatures.
Types of Malware Analysis:
- Static analysis –
The process of analyzing the malware without executing or running it. It is used to extract as much metadata from the sample as possible, such as PE headers and strings.
- Dynamic analysis –
The process of executing the malware and analyzing its functionality and behavior, typically under a debugger, to learn what it does while running.
- Code analysis –
The process of analyzing or reverse engineering the assembly code. It is a combination of static and dynamic analysis.
- Behavioral analysis –
The process of monitoring the malware after execution. It involves observing processes, registry entries and network activity to determine how the malware works.
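As an added example (not code from the original article), the following Python script performs the two static-analysis steps named above on a constructed, non-executable PE image built in memory: it parses the DOS header, PE signature, COFF header and section names, then extracts printable strings the way the `strings` tool does. The sample bytes, the `c2.example.invalid` URL and the registry path are constructed placeholders, not real indicators.

```python
import re
import struct
from datetime import datetime, timezone

MACHINES = {0x14C: "x86", 0x8664: "x64", 0xAA64: "arm64"}
IMAGE_FILE_DLL = 0x2000   # COFF Characteristics flag set on DLL images

def parse_pe(data: bytes) -> dict:
    """Read the DOS header, PE signature, COFF header and section names."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature: not a PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]        # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature: not a PE file")
    coff = e_lfanew + 4
    machine, nsec, stamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    sec_table = coff + 20 + opt_size                          # COFF header is 20 bytes
    names = [data[sec_table + 40 * i:sec_table + 40 * i + 8]  # each section header is 40 bytes
             .rstrip(b"\x00").decode("ascii", "replace") for i in range(nsec)]
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "compiled": datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat(),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "sections": names,
    }

def extract_strings(data: bytes, min_len: int = 6) -> list:
    """Return runs of at least min_len printable ASCII bytes, like the `strings` tool."""
    return [m.group().decode("ascii") for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def build_sample_pe() -> bytes:
    """Constructed, non-runnable PE image used only for this demo (not a real sample)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)                   # e_lfanew -> PE signature at 0x80
    stub = b"This program cannot be run in DOS mode.\x00".ljust(0x80 - 64, b"\x00")
    # Machine=AMD64, 2 sections, timestamp, no symbols, no optional header, EXE flags
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0x5F000000, 0, 0, 0, 0x0022)
    sections = b"".join(n.ljust(8, b"\x00") + bytes(32) for n in (b".text", b".data"))
    payload = (b"\x00Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"   # placeholder strings
               b"\x00http://c2.example.invalid/beacon\x00")
    return bytes(dos) + stub + b"PE\x00\x00" + coff + sections + payload

if __name__ == "__main__":
    sample = build_sample_pe()
    print(parse_pe(sample))
    print(extract_strings(sample))
```

Strings such as an autorun registry path or a URL are the kind of static indicators an analyst records before moving on to dynamic analysis.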