Types of Malicious Software - PDF

Added on 2021/06/14

Table of Contents
1. Introduction (p. 1)
1.1 Malware (p. 1)
1.2 Types of malicious software (p. 1)
2. PART A - Questions and Answers (p. 3)
3. PART B - Questions and Answers (p. 9)
4. TOOLS (p. 13)
References (p. 21)

1. Introduction
1.1 Malware
Malware is short for malicious software: software that harms a computer system. Malware
includes viruses, Trojans and spyware. It is used to steal protected data or documents created by
the user, and it acts as a spy on the system. Spyware is one kind of malware; it monitors the
user's location and obtains secret data. Adware is another kind; it shares the user's information
with advertisers and displays unwanted ads. Worms and viruses are a special kind of malware that
affects the entire system. Anti-malware software provides prevention against this malware, and a
firewall is a further layer of protection. Malicious software also performs functions such as
deleting secret data as well as stealing it.
1.2 Types of malicious software
Spyware
Viruses
Worm
Trapdoor
Logic bomb
Trojan
RAT
Mobile malicious code
Malicious font
Rootkit
Spyware
Spyware is a program whose main aim is to gather information about a person without the
user's knowledge. Whatever information the spyware collects, it uploads to the internet, for
example to serve ads. It can enter the computer when new software is installed, through pen
drives, or by other means.
Viruses
A virus is code or software that enters the system by copying itself into another program, or
while the system boots. It spreads by email, through a newly downloaded file, or from a CD or
pen drive.
Worm
A worm also affects the computer system by placing duplicate files, or by creating a duplicate of
an original document. When the system stops working or slows down, a worm may have
entered it.
Logic bomb
A logic bomb is another kind of program code; it looks like an executable file. If some
program's execution is delayed waiting for an action, the logic bomb is triggered in that gap. It
deletes or corrupts data.
Trapdoor
A trapdoor is used to gain access to another system without that system's permission, for
example without knowing the password. Hackers generally use a trapdoor to obtain a person's
details.
Trojan
A Trojan is program or software code that can damage the hard disk. A Trojan is one kind of
malicious code.
RAT
RAT stands for remote admin Trojan: it gives an attacker remote control of a machine. It is
used to obtain passwords and steal information. It is invisible to the user and can enter via CD
or pen drive.
Malware
Malware, or malicious software, affects the computer system and takes forms such as worms
and viruses.
Mobile malicious code
Mobile malicious code acts like remote access to obtain information. It looks like a web
document and executes in the web browser.
Malicious font
A web page that abuses the mechanism used to describe a font acts as a malicious font from a
security point of view.
Rootkits
A rootkit is a software tool used by intruders to gain access to a computer without the
permission of its owner. The compromised machine is called a rootkit computer, and rootkits
exist for a variety of operating systems such as Windows and Linux. There are three types of
rootkits: kernel rootkits, application rootkits and library rootkits.
2. PART A - Questions and Answers
Social engineering is used for a wide range of malicious activities carried out through human
interaction. It leads users into making mistakes and extracts information from those mistakes. It
first identifies the victim and the information protected by the security protocols.
Attacking methods
This kind of attack is performed through human interaction. It has several methods:
Baiting
Scareware
Pretexting
Phishing
Spear phishing
Baiting
Baiting uses physical media to deliver malware. Using the bait, the malware gets into the
system automatically. It is also spread through online forms.
Scareware
Scareware is fraudulent software that presents itself to the user as legitimate software. It is
also known as deception software.
Pretexting
Pretexting works by asking the user to confirm their data, and so obtains that data.
Phishing
Phishing uses email and text messages that create a sense of urgency and curiosity.
Spear phishing
Spear phishing is one kind of phishing; it requires more effort and may take up to two
months to carry out.
Preventing methods
Social engineering concepts also inform the methods of preventing malicious software. There
are three prevention techniques: do not open mail or any other files from the internet, use
multi-factor authentication, and update the anti-virus software often.
Once such a file has been opened, we learn whether the attachment to the email was malicious
or infected; an infected file replaces the original document and affects the entire system. By
using anti-virus, prevention methods or a scanning process we obtain a clean document showing
what is really in the mail attachment.
1. Back up and restore the important files you have in your system.
2. Disconnect from the internet to stop items downloading to your system.
3. Consider safety measures when booting the system, such as anti-virus and scanning, to
protect the resources.
4. For internet access, connect through another system over a LAN connection for security and
to resolve malware problems.
5. Analyze the software and find the corresponding solution.
6. Scan the files downloaded from the internet, including multiple files.
7. Keep the disk clean and format it often.
Security defects
Malware takes advantage of defects in the design of operating systems or other applications.
Installing updated software can also introduce a defect that malware exploits. Malware delivers
executable data once the process has executed.
User error
A computer system commonly has floppy disks and an operating system, and while booting,
the operating system may have been changed. If an operating system is installed without a
proper boot, it shows errors at run time. Many users use tricks to run software and use the same
idea in their code, so the user gets the error more often.
Static analysis is used to analyze malware without running it. Static analysis is used to
analyze the capability of the malware; it also provides indicators and has its own key
techniques.
Basic static analysis
Basic static analysis focuses on the malware without looking at its code and rules. It has
various tools and techniques used to check whether a file is infected or not; it provides functional
and technical information and provides signatures. The technical analysis covers the file, its
hashes and checksums.
Dynamic analysis of malware focuses on running the malware to obtain its behavior. It
observes the functions and analyzes the technical indicators used in signature detection.
Technical indicators include domain names, IP addresses and file locations. It also analyzes the
attacker who controls the access server that is used for command and control, and this is useful
for more malware files. Dynamic analysis uses sandboxes and malware engines, and various
tools are used for this dynamic analysis with sandboxes.
Virtual machines are commonly based on computer architectures and describe the functionality of
a computer system. A virtual machine uses a combination of software and hardware. There are
two types of virtual machines: system virtual machines and process virtual machines. A system
virtual machine provides a substitute for a real machine and gives the functionality of a whole
operating system. A process virtual machine is used to execute programs. With virtual machines
we can create multiple operating systems.
Virtual memory plays a part in a virtual machine. In a first-level operating system,
implementation is done by time sharing, but the virtual machine uses privileged instructions in
its code. It is used to share memory pages among similar virtual machines. Virtual machines are
mainly used in embedded systems, where a real operating system prefers the complexity of
systems such as Windows and Linux. A virtual machine has the benefit of a faster operating
system reboot. A process virtual machine, in turn, works as an application with a single process.
It is known as an application virtual machine and is platform independent. It uses a high-level
language and an interpreter for its implementation, as the Java virtual machine does.
VM Detection
A key capability of malware is to avoid or delay investigation. Malware commonly detects
that it is being analyzed and evades the analysis. When this succeeds, it can considerably extend
the period the malware spreads in the wild without being noticed, caught or blocked.
Under analysis, such malware will not execute or will change its behavior, using some plan to
perform fake activities inside the virtual machine; in a fake analysis the malware does not stop
its behavior, and some malware checks artefacts such as registry keys and machine details before
infecting a file.
Malware often changes its code while keeping the same functionality, to stay safe from
detection. It may also embed itself into a target program, and behavioral analysis of the malware
can defeat metamorphism. ANI is a theory that explains the dependencies of data in the code.
IP analysis of software
With the use of DNS servers, attackers can control machines and obtain secret information.
DNS is mostly used by malware to reach its control servers. Normally the computer system
looks for malicious DNS activity to find the malware. Analysis of IP traffic can be used to
control the malware traffic. IP addresses play a role in malware detection, as does the DNS
server.
Malware detection using IP
DNS reveals the future behavior that malware-detecting activity looks for; malware has occurred
in the form of worms and bots. Using DNS we can analyze complex behavior in a larger network.
Malware infection is another problem during malware detection.
Constructing the training dataset
The training dataset plays an important role in machine learning: it is used to train the
classifier, which analyzes domains and malware. It is used to predict whether an IP address is
affected by malware or not. Domains and control servers are collected as the training set.
Malicious DNS detector
A tree algorithm is used as the classifier in the malicious DNS detector, and it has proved
efficient at classifying malicious domains. The classifier is built during the training period; at
each node some attributes must be examined.
Malware configuration
Malware configuration covers malware and ransomware creation; it is involved in malware
pattern matching and analyzes the secret files that contain malware, and it is used to detect
unwanted and unauthorized activity. It also enables detection against the malware, is used to
back up and restore files hit by ransomware, and serves data security.
3. PART B - Questions and Answers
Two types of malware analysis are available: static analysis and dynamic analysis. Static
analysis examines the actual code without running the malware, while dynamic analysis means
behavior analysis. Using dynamic analysis, executable malware is controlled and also monitored.
Each technique includes some elements of information that are used to conduct the static
analysis.
Static analysis displays the actual code and instructions. The capabilities and true intent of
the malware are identified by static analysis. Using this technique the technical indicators are
easily detected. Static analysis uses several types of key elements.
Dynamic analysis captures the malware's behavior. Using dynamic analysis, the technical
indicators are used to detect signatures. Basic dynamic analysis reveals technical indicators
including domain names, IP addresses and file path locations on the system or network.
Automated sandboxes and malware engines are used to verify this information. The
technical indicators are used to correlate malware detections.
IDA is a professional-grade disassembler. It is the most popular disassembler used in
reverse engineering. The current release does not come as a free community edition; IDA Pro 5
is the version available as a free community edition.
The code is reconstructed by this popular disassembler. All the code is in binary form, so
we need to convert it into assembly. The executable's information is then used alongside the
assembly code to debug errors.
IDA's stack analysis provides several types of information that are used in the reverse
engineering process. The IDA Pro script series is used to share knowledge and tools with the
community. It also provides additional tools; tilib is a special tool that is offered as a separate
download.
Using this tool, important functions are identified by name. Matching function prototypes
are used to find similarities between two functions.
Ransomware always targets resources such as audio, video, images, etc.; for this reason
ATC becomes more suspicious. It acts on programs as well as files. First it needs to perform its
actions and change the file types.
Sophisticated packing techniques are used in several ransomware families. Typically the
malware is classified into different classes. In the sophisticated technique, different statistical
analyses are used.
The applications perform a set of actions, following a step-by-step process. The first step is
installation, and the second is checking the characteristics of the system.
A ransomware infection affects all the encrypted files and causes the loss of content or of
some files. By encryption we can control data stealing and infection, and by the encryption
method we can avoid ransomware.
A ransomware encryption tool such as signsrch is used for multiple encryption schemes;
certain strains have one solution, and in general decryption is easy with the tool but needs some
technical methods.
Ransomware encrypts the files using a symmetric key system and encrypts that key using
asymmetric encryption; for this implementation an AES key is needed.
A number of tools are used for decryption and removal of ransomware, and we can use the
tools directly. Autolocky is a tool that makes decryption feasible; another is Hydra craft, which
is used to lock your computer; and Decrypt Locker is an online tool used to decrypt the
encrypted files.
4. TOOLS
Definition of PEiD
In PEiD three different scanning methods are used, each suited to a distinct purpose. At the
entry point a number of documented signatures are checked, and in hardcore mode the entire
file is scanned against the documented signatures.
The detection ratio increases in deep mode. The complete scanning process takes a large
amount of time. Using the error-control method, the final result is accurate and effective.
Debugger
A debugger is a software program. Debuggers are used to test for errors and to find errors in
other programs. A debugger is a tool for finding the errors in our program. Software developers
and programmers use the debugger to test and debug the target program.
Basically, debugger tools are used for testing. A debugger has the ability to stop the
program according to conditions. The debugger locates the error and reports its position.
Resource hacker tool
Resource Hacker is a small tool with excellent performance. Resource Hacker is used to
modify system files such as DLL, EXE and CPL; using Resource Hacker we can easily edit
Windows files and replace their resources.
Resource Hacker shows different types of resource directories:
1. AVI - contains AVI files
2. Cursor - contains cursor files
3. Bitmap - contains bitmap files
4. Icon - contains icons
5. Menu - contains menus
6. Dialog - contains dialog boxes
7. Version info - contains version information for the files
FakeNet
Using the FakeNet tool, malicious software is analyzed dynamically. FakeNet is easy to
install and use and runs on Windows. The protocols most commonly used by malware are
supported by this tool.
Custom protocols can be added through Python extensions. FakeNet does not need any
additional configuration, but its configuration is flexible.
Features
1. It supports DNS, HTTP and SSL.
2. Meaningful files are served by the HTTP server.
3. Hard-coded IP addresses are easily identified.
4. It supports Python.
5. Packets on the local host are captured and written to packet capture files by FakeNet.
6. SSL traffic is automatically detected and also decrypted.
Regshot
Regshot is known as a pretty nifty tool. It is used for malware analysis, specifically dynamic
malware analysis. Regshot is used to capture snapshots during malware analysis. The goal of
this tool is to identify any changes made by the malware. Regshot runs inside its own virtual
machine, so it is applicable only to that virtual machine.
During execution the malware makes a number of changes to the system, so we need to find
those changes using Regshot. It does not monitor any other system.
The figure shows the Regshot window, which has two main buttons. Clicking the first shot
button takes the first shot. Once that first operation has completed, run the malware.
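The first-shot/second-shot comparison described above, as an added example that is not Regshot's own code: two constructed registry snapshots are diffed and any new or changed value under a well-known autostart location is flagged (the key paths and sample values are constructed for illustration).

```python
# Added example (not Regshot's code): compare two constructed registry
# snapshots the way Regshot compares its first and second shot, and flag
# changes under well-known persistence locations.
from dataclasses import dataclass, field

# Registry snapshot: key path -> {value name: data}. The snapshots below are
# constructed sample data, not captures from a real machine.
Snapshot = dict[str, dict[str, str]]

RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
SERVICES_KEY = r"HKLM\SYSTEM\CurrentControlSet\Services"
# Locations where an added or modified value usually means a persistence mechanism.
PERSISTENCE_PREFIXES = (RUN_KEY, SERVICES_KEY)


@dataclass
class RegDiff:
    keys_added: list = field(default_factory=list)
    keys_deleted: list = field(default_factory=list)
    values_added: list = field(default_factory=list)     # (key, name, data)
    values_deleted: list = field(default_factory=list)   # (key, name, data)
    values_modified: list = field(default_factory=list)  # (key, name, old, new)


def diff_snapshots(first: Snapshot, second: Snapshot) -> RegDiff:
    """Report every key and value that differs between the two shots."""
    d = RegDiff()
    for key in sorted(set(first) | set(second)):
        if key not in first:
            d.keys_added.append(key)
            d.values_added += [(key, n, v) for n, v in sorted(second[key].items())]
            continue
        if key not in second:
            d.keys_deleted.append(key)
            d.values_deleted += [(key, n, v) for n, v in sorted(first[key].items())]
            continue
        before, after = first[key], second[key]
        for name in sorted(set(before) | set(after)):
            if name not in before:
                d.values_added.append((key, name, after[name]))
            elif name not in after:
                d.values_deleted.append((key, name, before[name]))
            elif before[name] != after[name]:
                d.values_modified.append((key, name, before[name], after[name]))
    return d


def persistence_changes(d: RegDiff) -> list:
    """Added or modified values that sit under a persistence location."""
    hits = [(k, n, v) for k, n, v in d.values_added if k.startswith(PERSISTENCE_PREFIXES)]
    hits += [(k, n, new) for k, n, _old, new in d.values_modified
             if k.startswith(PERSISTENCE_PREFIXES)]
    return hits


# Constructed first shot (clean machine) and second shot (after running a sample).
FIRST_SHOT: Snapshot = {
    RUN_KEY: {"OneDrive": r"C:\Users\lab\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
    r"HKCU\Software\Example": {"Installed": "1"},
}
SECOND_SHOT: Snapshot = {
    RUN_KEY: {
        "OneDrive": r"C:\Users\lab\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
        "updater": r"C:\Users\lab\AppData\Roaming\updater.exe",  # constructed new autostart
    },
    r"HKCU\Software\Example": {"Installed": "2"},
    r"HKCU\Software\SampleMalware\Files": {"0": r"C:\Users\lab\Documents\report.docx"},
}

if __name__ == "__main__":
    result = diff_snapshots(FIRST_SHOT, SECOND_SHOT)
    print("keys added:", result.keys_added)
    print("values added:", result.values_added)
    print("values modified:", result.values_modified)
    for key, name, data in persistence_changes(result):
        print(f"PERSISTENCE: {key}\\{name} = {data}")
```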
PEview
PE stands for Portable Executable. PEview is an easy-to-use and free application. The
information is stored in the portable executable file headers and the different sections of the file.
PEview is a lightweight program; the executable is very small, around 70 KB in size. Using
the PEview tool is a little tough, because all the files are in PE file format.
PEview does not provide any tips for finding the necessary information; all the useful
information has to be found by the analyst. PEview is one of the best tools for analyzing
malware.
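The headers PEview walks through (DOS header, PE signature, COFF header, optional header, section table), as an added example that is not PEview's code. It parses a constructed in-memory PE image (not a real program) and flags the header oddities an analyst looks for, such as a section that is empty on disk but writable and executable in memory with the entry point inside it.

```python
# Added example (not PEview's code): parse the PE headers PEview displays from a
# constructed image and list header anomalies worth a closer look.
import struct

IMAGE_DOS_SIGNATURE = 0x5A4D        # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550     # "PE\0\0"
MACHINE_NAMES = {0x14C: "i386", 0x8664: "x86-64", 0x1C0: "ARM", 0xAA64: "ARM64"}
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_pe(data: bytes) -> dict:
    """DOS header -> PE signature -> COFF header -> optional header -> sections."""
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                   # COFF header is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    entry = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint (RVA)
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i                 # each section header is 40 bytes
        if off + 40 > len(data):
            raise ValueError("section table runs past end of file")
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, schars = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "virtual_address": vaddr,
            "raw_size": rawsize, "raw_pointer": rawptr, "characteristics": schars,
        })
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "timestamp": timestamp,
        "characteristics": chars,
        "format": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, hex(magic)),
        "entry_point": entry,
        "sections": sections,
    }


def section_for_rva(sections: list, rva: int):
    """Section whose in-memory range contains the RVA, or None."""
    for s in sections:
        span = max(s["virtual_size"], s["raw_size"])
        if s["virtual_address"] <= rva < s["virtual_address"] + span:
            return s
    return None


def find_anomalies(pe: dict) -> list:
    """Header oddities typical of packed or self-modifying samples."""
    notes = []
    for s in pe["sections"]:
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            notes.append(f"{s['name']}: no data on disk but {s['virtual_size']:#x} bytes in memory")
        if s["characteristics"] & IMAGE_SCN_MEM_WRITE and s["characteristics"] & IMAGE_SCN_MEM_EXECUTE:
            notes.append(f"{s['name']}: writable and executable")
    ep = section_for_rva(pe["sections"], pe["entry_point"])
    if ep is None:
        notes.append("entry point lies outside every section")
    elif not ep["characteristics"] & IMAGE_SCN_CNT_CODE:
        notes.append(f"entry point in non-code section {ep['name']}")
    return notes


def build_sample_pe() -> bytes:
    """Constructed 32-bit image: a normal .text section plus an empty-on-disk
    .stub section that the entry point lands in. Not a real program."""
    dos = bytearray(0x40)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew: PE signature right after DOS header
    opt_size = 0xE0                                   # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x5B000000, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<I", opt, 16, 0x3000)           # entry point inside .stub
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x200, 0x400, 0, 0, 0, 0, 0x60000020)
    stub = struct.pack("<8sIIIIIIHHI", b".stub", 0x2000, 0x3000, 0, 0x600, 0, 0, 0, 0, 0xE0000040)
    return bytes(dos) + struct.pack("<I", IMAGE_NT_SIGNATURE) + coff + bytes(opt) + text + stub


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print(info["format"], info["machine"], hex(info["entry_point"]))
    for s in info["sections"]:
        print(f"  {s['name']:<8} VA={s['virtual_address']:#07x} VS={s['virtual_size']:#x} RAW={s['raw_size']:#x}")
    for note in find_anomalies(info):
        print("!", note)
```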
md5deep
md5deep is a set of several computer programs. MD5, SHA-1 and SHA-256 are the hash
programs included in md5deep. The md5sum program, found in the GNU Coreutils package, is
somewhat similar to md5deep. md5deep performs operations such as matching files against a
set of known hashes, finding missing files, and moving a set of files.
The latest version of md5deep released is 3.9.1.
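The hashes and checksums of basic static analysis and md5deep's match/missing modes, as an added example that is not md5deep's code: each constructed sample file is hashed with MD5, SHA-1 and SHA-256 and compared against a known-hash list, reporting matched files, unmatched files and known hashes that no file produced. The known digests used are the published test vectors for the empty string and "abc"; the file names and contents are constructed.

```python
# Added example (not md5deep's code): hash a set of files and run a
# md5deep-style match against a known-hash list.
import hashlib
from pathlib import Path

ALGORITHMS = ("md5", "sha1", "sha256")


def digest_bytes(data: bytes) -> dict:
    """Hex digests of an in-memory blob for every algorithm in ALGORITHMS."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def digest_file(path: Path, chunk_size: int = 1 << 20) -> dict:
    """Stream a file in chunks so large samples need not fit in memory."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_known(files: dict, known: dict) -> dict:
    """One pass over in-memory files, like md5deep's match / not-matched / missing reports.
    files: file name -> content; known: lowercase hex digest -> label.
    Returns matched (name, label, algorithm), unmatched names, and the known
    digests that no file produced."""
    seen = set()
    matched, unmatched = [], []
    for name, data in files.items():
        hit = None
        for algo, hexval in digest_bytes(data).items():
            if hexval in known:
                hit = (name, known[hexval], algo)
                seen.add(hexval)
                break
        if hit:
            matched.append(hit)
        else:
            unmatched.append(name)
    missing = sorted(h for h in known if h not in seen)
    return {"matched": matched, "unmatched": unmatched, "missing": missing}


# Constructed sample set: three tiny "files" and a known-hash list whose first
# two digests are the standard test vectors for b"" (MD5) and b"abc" (SHA-256).
SAMPLE_FILES = {
    "empty.bin": b"",
    "abc.txt": b"abc",
    "report.docx": b"PK\x03\x04 constructed placeholder content",
}
KNOWN_HASHES = {
    "d41d8cd98f00b204e9800998ecf8427e": "empty file (MD5)",
    "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad": "abc (SHA-256)",
    "0000000000000000000000000000000000000000": "placeholder hash never produced",
}

if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        print(name, digest_bytes(data)["sha256"])
    report = match_known(SAMPLE_FILES, KNOWN_HASHES)
    for section, items in report.items():
        print(f"{section}: {items}")
```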
CryptoLocker
CryptoLocker is the most famous malware. CryptoLocker is also known as ransomware. It is not
only used to lock the system; it encrypts certain files on the system hard drive. Basically,
CryptoLocker spreads using social engineering techniques.
The following registry key is used to log each file encrypted:
HKEY_CURRENT_USER\Software\CryptoLocker\File
How to avoid CryptoLocker
Malware spreading via email relies on social engineering. To avoid the malware, follow these
steps:
1. Avoid email from unknown senders. These types of files typically arrive as attachments; if
by chance the link or the file is clicked, the malicious payload appears.
2. Windows has many file extensions and hides known ones. We should disable the hiding of
file extensions in Windows. Then we avoid hardware problems and other incidents as well;
this also helps limit the damage from malware infections.
3. If by chance we are infected by malware, we should also have a backup copy of the files, so
the important files are recovered easily.
4. This type of attack is run as a high-value business model.
CryptoLocker and ransomware are in the same family. It is a business model based on the
user's requirements. This type of virus is also known as the police virus. Mainly, CryptoLocker
steals users' details such as documents, videos, audio, files and so on.
CryptoLocker encrypts the files on Windows computers. Encryption means that we first
need to decrypt the file before it can be opened; only after decryption completes can the
encrypted file be opened.
CryptoLocker has the ability to affect any type of file. It covers the local drives on your
computer, as well as USB keys or external hard drives inserted into your computer, in order to
steal our personal details.
Important information is easily collected by this method. It can spread across any kind of
network.
The following extensions are basic examples of affected files:
*.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx,
*.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg,
*.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.pdf, *.eps, *.ai, *.indd, *.cdr, *.jpg, *.jpe,
img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef,
*.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der,
*.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c.
Malware encryption
For security purposes, encryption is the most important feature to guard against malware,
especially ransomware. Encryption is simply the process of encoding information, so that only
authorized users can access it.
If you want to send a message safely and effectively, encryption is the best way. In
encryption the plaintext is converted to ciphertext for security. This operation is performed
using a key.
Encryption is also used to establish the connection between the malware and its command
and control server. They use some key elements to decrypt or recover the data.