Using Hybrid Analysis for Initial Malware Assessment
struppigel wrote (post 997846):

> [MEDIA=youtube]HHfmI_FFFPQ[/MEDIA]
>
> Automatic sandbox systems like Hybrid-Analysis are a great way to speed up malware analysis. We find a file flagged as a keylogger that has almost no antivirus detections.
>
> Report: [Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for 'space-fighter-rebellion.exe'](https://www.hybrid-analysis.com/sample/0c46eef8d35e15b87fad288621eb2c8f71fd6fb4ac068a9401411e6fc63cd300/62e0ee20cc00a4781b7710ed)
>
> 00:00 Introduction
> 00:17 What is Hybrid Analysis, hunting undetected malware
> 04:28 Sample flagged as keylogger, things I look at first
> 05:45 File Details: Hashes explained
> 09:47 File Details: compiler, version info, icon, PortEx visualization
> 14:40 File Sections
> 14:58 File Imports: when is ImpHash useless
> 15:23 Screenshots: conclusions related to risk assessment
> 17:00 Processes, API calls, was there process injection
> 19:17 Network Analysis
> 19:32 Why was it flagged as keylogger
> 20:42 Extracted Strings: UAC bypass?
> 22:04 Dropped Files
> 25:05 Malicious Indicators
> 27:05 Suspicious Indicators
> 33:46 Summary: Is this file malicious? How to proceed with analysis?
> 35:09 Summary: General tips for malware analysis with sandbox systems