
Malware Analysis - the basics.

To anyone getting into malware analysis, this blog will provide a basic introduction to the subject. Thousands of cyber incidents occur every day, and in the majority of them the attackers use malware implants to gain entry to an organization. Incident reports from private companies and government agencies provide a look into how sophisticated malware has become. In this blog, I will define some key terms and document what is required to become a malware analyst.

Some key definitions:

  • Malware - malicious software, i.e. software that is intended to cause harm to a system.
  • Malware analysis - the process of determining the origin, intent and impact of a specific malware sample on a system. Here, an analyst will dissect the malware to understand how it works, how it can be detected and how its intended threat can be stopped.

Malware analysis involves several steps of increasing complexity. As a newcomer to malware analysis, the easiest way to get your hands dirty is to run malware through automated tools. These tools provide reports listing registry artifacts, mutexes and other indicators that an analyst can look at to gain an understanding of the malware. Though they lack a human analyst's attention to detail, they are a great way to start and leave you time to focus on deeper analysis.

An analyst may then perform static analysis, where, without running the code, you collect the metadata of a given malware sample. Using tools such as PEiD, PEView, VirusTotal and Google, an analyst can start becoming acquainted with the specimen.
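As an added example (not code from the original post), here is a small pure-Python static triage script that reads the kind of metadata PEView-style tools show: file hashes for a VirusTotal lookup, the compile timestamp, section names and sizes, per-section entropy and suspicious section flags. The PE image it parses is a constructed, non-functional file built inline so the script runs offline; the 7.0 entropy threshold is a heuristic assumption, not a standard.

```python
import hashlib
import math
import struct
from datetime import datetime, timezone

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Heuristic threshold (an assumption, not a standard): sections above this
# entropy are usually compressed or encrypted, i.e. the sample may be packed.
HIGH_ENTROPY = 7.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant run, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Read the DOS header pointer, COFF header and section table of a PE image
    and return the metadata an analyst records before ever running the file."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes total).
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    sect_table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        off = sect_table + i * 40  # each IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, _, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from("<8sIIIIIIHHI", data, off)
        raw = data[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": rawsize,
            "entropy": round(shannon_entropy(raw), 2),
            "writable_and_executable": bool(flags & IMAGE_SCN_MEM_EXECUTE and flags & IMAGE_SCN_MEM_WRITE),
        })
    return {
        "md5": hashlib.md5(data).hexdigest(),       # what you would look up on VirusTotal
        "sha256": hashlib.sha256(data).hexdigest(),
        "machine": hex(machine),                    # 0x14c = x86, 0x8664 = x64
        "compile_time": datetime.fromtimestamp(timestamp, timezone.utc).isoformat(),
        "sections": sections,
    }


def triage(report: dict, now: datetime) -> list:
    """Turn the raw metadata into the observations worth noting in a report."""
    findings = []
    if datetime.fromisoformat(report["compile_time"]) > now:
        findings.append("compile timestamp is in the future (likely forged)")
    for s in report["sections"]:
        if s["entropy"] > HIGH_ENTROPY:
            findings.append(f"section {s['name']} has entropy {s['entropy']} (possibly packed or encrypted)")
        if s["writable_and_executable"]:
            findings.append(f"section {s['name']} is both writable and executable")
    return findings


def build_sample_pe() -> bytes:
    """Constructed, non-functional PE image used only as input for this example:
    a 64-byte DOS header, a zeroed PE32 optional header and two sections."""
    img = bytearray(1024)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 64)                      # e_lfanew -> PE signature at 64
    img[64:68] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 68, 0x14C, 2, 1_600_000_000, 0, 0, 224, 0x0102)
    struct.pack_into("<H", img, 88, 0x10B)                      # PE32 magic in the optional header
    # Section table starts at 68 + 20 + 224 = 312; .text is plain NOPs, .packed is 256 distinct bytes.
    struct.pack_into("<8sIIIIIIHHI", img, 312, b".text", 256, 0x1000, 256, 512, 0, 0, 0, 0, 0x60000020)
    struct.pack_into("<8sIIIIIIHHI", img, 352, b".packed", 256, 0x2000, 256, 768, 0, 0, 0, 0, 0xE0000040)
    img[512:768] = b"\x90" * 256
    img[768:1024] = bytes(range(256))
    return bytes(img)


def triage_sample() -> list:
    """Run the whole static pass over the constructed sample with a fixed clock."""
    report = parse_pe(build_sample_pe())
    return triage(report, now=datetime(2021, 1, 1, tzinfo=timezone.utc))


if __name__ == "__main__":
    rep = parse_pe(build_sample_pe())
    print(rep["sha256"], rep["machine"], rep["compile_time"])
    for s in rep["sections"]:
        print(s)
    for line in triage_sample():
        print("!", line)
```

To use it on a real specimen, call `parse_pe(open(path, "rb").read())` from inside your analysis VM and hand the result to `triage`. Nothing here executes the sample; that is what makes it static analysis, and it is why the hashes and timestamp are the first things worth recording.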

With results from automated tools and static analysis, an analyst may now decide to run the malware in an isolated lab environment to understand its behaviour, based on the output of the tools pre-installed in the lab.

Reverse engineering the code to gain a deeper understanding of how it works may be required.

A source for Malware Samples?

Should you want to dive into malware analysis, there are many great online resources where you can download and analyze malware samples. Word of caution though: DO NOT RUN THE MALWARE ON YOUR HOST MACHINE OR ON ONE WITH FILES YOU CARE ABOUT!

Analysis Techniques

The goal of malware analysis is not to understand every instruction in the code (something that scared me at first). The goal is reached once an analyst can answer the key questions from the definition above: where the malware came from, what it intends to do, what impact it has, how it can be detected and how it can be stopped. Malware analysis is more of an art than a science (to me), though as we all learn, there are some standard procedures that are followed while analysing malware.

This post is licensed under CC BY 4.0 by the author.