Malware Analysis;: A Systematic Approach
MetadataShow full item record
An almost incomprehensible amount of data and information is stored on millions and millions of computers worldwide. The computers, interconnected in local, national and international networks, use and share a high number of various software programs. Individuals, corporations, hospitals, communication networks, authorities among others are totally dependent on the reliability and accessibility of the data and information stored, and on the correct and predictable operation of the soft ware programs, the computers and the networks connecting them. Malware types have different objectives and apply different techniques, but they all compromise security in one way or another. To be able to defend against the threat imposed by malware we need to understand both how and why the malware exists. Malware is under constant development, exploiting new vulnerabilities, employing more advanced techniques, and finding new ways to compromise computer security. This document presents the nature of malware today and outlines some analytical techniques used by security experts. Furthermore, a process for analyzing malware samples with the goal of discovering the behaviour of the samples and techniques used by the samples is presented. A flowchart of malware analysis, with tools and procedures, is suggested. The analysis process is shown to be effective and to minimize the time consumption of manual malware analysis. An analysis is performed on two distinct malware samples, disclosing behaviour, location, encryption techniques, and other techniques employed by the samples. It is demonstrated that the two malware samples, both using advanced techniques, have different objectives and varying functionality. Although complex in behaviour, the malware samples show evidence of lacking programming skills with the malware designers, rendering the malware less effective than intended. Both samples are distributed in a packed form. The process of unpacking each of the samples is described together with an outlining of the unpacking process.