Malware Analysis: Types, Prevention, and Task Analysis

   

Added on  2023-06-11

52 Pages | 8215 Words | 322 Views
Table of Contents
Malware analysis
Malware
Types of malware
PART 1-Task analysis
Basic malware analysis
Ransomware
Overview
PART 2-Task analysis
Analysis of malware on Windows XP
XP setup
Extracting the file
Analysis using Regshot tool
Analysis using PEiD tool
Malware analysis using IDA
Tools
References
Malware analysis
Malware
Malicious software (malware) is known as stealing software. It compromises the user's documents and private data. It enters the system via the network and works like a detective, causing major damage in the system. Spyware is one type of malware: it detects the user's location, movements, and private data without their knowledge, and sends irrelevant messages to the damaged system to learn the extent of the damage. Adware is another type of malware: it shows irrelevant advertisements to the user, shares unwanted documents, and behaves like ordinary software. In malware analysis, computer viruses and worms play a major role in damaging the user's computer. There are many protections against malware, such as firewalls. There is also much anti-virus software that protects against malware attacks.
Types of malware
1. Viruses
2. Worms
3. Trojans
4. Rootkits
5. RAT
6. Botnets
7. Spyware
8. Trapdoor
9. Logic bomb
10. Mobile malicious code
11. Malicious font
12. Polymorphic malware
Viruses
A virus is a way of stealing user data. It sticks to pen drives and cards; when the user uses the pen drive, the virus affects the secured data. It may also be present in newly downloaded sites or documents from the internet, so systems are damaged by this kind of attack. In system software, viruses are also known as secret language. A virus can penetrate straight into the system. During some system operations, such as duplicating other programs or system startup, it has the opportunity to enter the computer. It can also arrive with new downloads or mail from the internet, or move over from CDs and pen drives. The virus enters in the background of the system and activates in the document. While the viper opens the secret languages are totally removed from the entire document.
Polymorphic malware
Polymorphic malware is a type of malware that can automatically change its original character. It is recognized by malware security devices. Using polymorphism, data are easily affected and can also be hacked by someone.
Logic bombs
A logic bomb is a piece of programming code. It is malware that uses delayed program execution to affect the data. Logic bombs are used to affect program execution and the available data.
Worms
A worm is also a kind of malware, like a virus. It can be the cause of files being copied from a source document. The computer is easily penetrated in this way when it is busy or the system is running slowly. A worm is used to create duplicates in the system and also endangers the system. Worms do not attach to a program, and there is no need to change the document. A worm can operate without the user's involvement.
Trojans
Trojans are like software as arresting the viper. The available vipers are arrested by the Trojan horse. A Trojan does not generate a duplicate source. It is also a type of virus, but it may trigger the hard disk, and it is also one of the categories of malware. It penetrates the system and the path of the programming code.
Rootkits
Rootkits enter a company across different operating systems such as Windows and Linux. There are three types of rootkits: kernel rootkits, library rootkits, and application rootkits. A rootkit is used to provide root-level entry to the system and poses as a program. It has to worry about the antivirus and the movement of programs. It directly forces access to system knowledge without computer authentication. Rootkits are avoided only when permission has to be obtained from the system. A rootkit is also known as masking software, but the harmful software is not held by the rootkit.
RAT
A RAT is also called a Remote Admin Trojan. It penetrates the system via CDs or pen drives. These Trojans give remote control access to a system; they poach information and obtain passwords. But the Trojan is created for genuine use, and it allows only specific applications. However, some hackers change its influence in the system. Even though hackers do not list or hack the activity by Trojans.
Botnets
A botnet is a shortened virus; in it, robot networks are driven by command and control servers. This kind of virus has different types of functions and is versatile across systems. It diminishes traffic through damaged computers and also uses inessential servers.
Spyware
Spyware is a kind of software in the form of a program. The major goal of this technique is to get statistics about a person without the user's awareness. It is used to evaluate the endangered system and pass the information to the hacker. It acts as malware. When information passes over the internet, it comes across this spyware. Spyware gets the details of the passing information and can easily steal the scope of the information. These are damaging threats to the computer and they borrow information. Spyware can easily infiltrate systems, and it is installed in this way through new drives or other resources.
Trapdoor
Trapdoor is a type of malware. It is used to hack the user's details without the consent of the user and without knowing the password.
Mobile malicious code
Mobile malicious code looks like a web document and executes in the web browser. It gets details about what the web page needs, and it also acts like a remote device. It is also a form of malware.
Malicious font
For safety working, the method of font as malicious as Web pages narrated.
PART 1-Task analysis
Basic malware analysis
In this malware analysis, the scenario is based on an email that had an attachment, and the task is to check whether the attached file is malicious or not. The person opened the file abruptly and then learned that it was infected. This means our files are damaged by malicious software. The malicious files are analyzed using the following steps.
Task analysis
In a social engineering attack, an attacker uses human interaction to obtain or compromise information. This information concerns organizations or computer systems. Recognizing the targeted malicious activity is somewhat difficult for antivirus, IDS, IPS, and custom malware detection tools. Attackers leverage the social engineering technique along with one or more zero-day vulnerabilities for APT deployment. Social engineering includes many resources such as deception, manipulation, and also limitation. These resources exploit the human element, that is, the user, in an information attack.
An attacker provides the needed information and also gathers the required information from a source. First the attacker contacts one source; all the sources are in the same organization, and the attacker relies on the information from the first source to add to his or her credibility. Social engineering uses different types of attack methods, such as baiting, scareware, pretexting, phishing, and spear phishing.
Baiting
A baiting attack uses a false promise to play on a victim's greed or curiosity. Users are lured into bait that steals their important details, information and data, or infects their installed systems with malware. The use of physical media is an example of baiting designed to spread malware.
Scareware
Scareware is a form of malware created to trick victims into buying and downloading worthless and possibly dangerous programs. It runs pop-ups that resemble Windows computer messages, and it typically presents itself as antivirus or antispyware software, a firewall function, or a registry cleaner.
Pretexting
Pretexting is one of the well-known social engineering methods. In pretexting, an imaginary scenario is created in order to gain access to personal details. These are sensitive details taken from an unsuspecting individual.
Phishing
Phishing is an attempt to obtain sensitive information such as usernames, passwords, and credit card information, often for malicious purposes, by posing as a trustworthy party in an electronic communication. Social engineering has several forms, and phishing is one of the best known; its scams are email and text message campaigns aimed at creating a sense of urgency, curiosity, or fear in victims.
Spear phishing
Spear phishing is an email or electronic communication scam targeted at a specific individual, organization, or business. Although it is often intended to steal data for malicious purposes, the cybercriminal may also intend to run malware on a targeted victim's computer.
