Few questions regarding malware analysis lab - how to do it properly?
<blockquote data-quote="struppigel" data-source="post: 977904" data-attributes="member: 86910"><p>1. There is no general answer to that. It depends which compiler was used. I suggest you pair your RE learning efforts with programming small C or C++ programs. Important: Disable compiler optimizations when doing so. Write really small programs and compile them. Check the compiled sample in IDA, try to find that code again and understand what it looks like in the disassembly.</p><p>2. Do the easy stuff first. Check the strings, e.g., with strings.exe. Check it in a hex editor. Then look into the code. While analysing the code, make sure to add comments and rename functions along the way. Look up the API calls. Make sure you understand and correctly identify the calling convention that is used.</p><p>3. That depends entirely on you. You are the one who sets the goals. When I check malware for blog articles, I usually try to find everything that seems novel to me. Techniques I haven't seen before. Apart from that, persistence and spreading techniques are usually important, and so is the main functionality or damage it does to a system. Any hints to the threat actor are interesting as well.</p></blockquote>
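As an added example (not part of struppigel's post), this is the kind of tiny practice program the answer recommends writing and then locating in IDA: each function uses one construct worth learning to recognise in unoptimised disassembly (a counted loop, a switch, a call with several arguments of different sizes for observing the calling convention), plus one plain string literal to find with strings.exe. The build commands in the header comment are assumptions.

```c
/* Added RE practice sample. Build WITHOUT optimisation and keep symbols
 * (assumed commands):
 *   gcc -O0 -g -o re_practice re_practice.c   (Linux / MinGW)
 *   cl /Od /Zi re_practice.c                    (MSVC)
 * Then open the binary in IDA and match each function back to this source. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Plain literal: shows up in strings.exe output and IDA's Strings window. */
static const char GREETING[] = "RE practice sample v1";

/* Counted loop: look for the counter kept on the stack at -O0, the
 * cmp/jcc pair at the top and the unconditional jump back. */
uint32_t checksum(const uint8_t *buf, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i < len; i++) {
        sum = (sum << 1) ^ buf[i];
    }
    return sum;
}

/* Dense switch: typically a bounds check followed by a jump table;
 * a sparse one becomes a chain of cmp/jcc instead. */
int classify(int code) {
    switch (code) {
        case 0:  return 10;
        case 1:  return 20;
        case 2:  return 30;
        case 3:  return 40;
        default: return -1;
    }
}

/* Mixed-size arguments: watch how the caller passes them (stack vs.
 * registers, order, who cleans up) to identify the calling convention. */
int combine(int a, short b, long c, const char *d) {
    return a + b + (int)c + (int)strlen(d);
}

int main(void) {
    uint32_t sum = checksum((const uint8_t *)GREETING, strlen(GREETING));
    printf("%s\n", GREETING);
    printf("checksum=%u class=%d combine=%d\n", sum, classify(2),
           combine(1, 2, 3L, GREETING));
    return 0;
}
```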