App Review Using Hybrid Analysis for Initial Malware Assessment

Content created by
struppigel

struppigel



Automatic sandbox systems like Hybrid-Analysis are a great way to speed up malware analysis. We find a file flagged as keylogger that has almost no antivirus detections.

Report: Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for 'space-fighter-rebellion.exe'

00:00 Introduction
00:17 What is Hybrid Analysis, hunting undetected malware
04:28 Sample flagged as keylogger, things I look at first
05:45 File Details: Hashes explained
09:47 File Details: compiler, version info, icon, PortEx visualization
14:40 File Sections
14:58 File Imports: when is ImpHash useless
15:23 Screenshots: conclusions related to risk assessment
17:00 Processes, API calls, was there process injection
19:17 Network Analysis
19:32 Why was it flagged as keylogger
20:42 Extracted Strings: UAC bypass?
22:04 Dropped Files
25:05 Malicious Indicators
27:05 Suspicious Indicators
33:46 Summary: Is this file malicious? How to proceed with analysis?
35:09 Summary: General tips for malware analysis with sandbox systems

upnorth



Nice update just noted.
