CTEC5807: Malware Analysis and Investigation Report - 2017/18

Added on  2023/06/11

Table of Contents
Malware analysis
Malware
Types of malware
PART 1-Task analysis
Basic malware analysis
Ransomware
Overview
PART 2-Task analysis
Analysis of malware on Windows XP
XP setup
Extracting the file
Analysis using Regshot tool
Analysis using PEiD tool
Malware analysis using IDA
Tools
References
Malware analysis
Malware
Malicious software, or malware, is software that steals from its victim. It takes the user's
documents and private data and usually enters the system through the network, where it works
covertly to cause serious damage. Spyware is one type of malware: it tracks the user's location,
movements and private data without their knowledge and sends messages from the compromised
system to report what it has found. Adware is another type: it pushes unwanted advertisements at
the user, shares unwanted documents and otherwise behaves like ordinary software. Among the
malware analysed here, computer viruses and worms play the major role in damaging the user's
computer. There are many protective measures against malware, such as firewalls, and there is
also a great deal of anti-virus software for preventing malware attacks.
Types of malware
1. Viruses
2. Worms
3. Trojans
4. Root kits
5. Rat
6. Botnets
7. Spyware
8. Trap door
9. Logic bomb
10. Mobile malicious code
11. Malicious font
12. Polymorphic malware
Viruses
A virus is one way of stealing user data. It attaches itself to pen drives and cards, and when the
user plugs in the pen drive the virus reaches the protected data. It may also arrive with newly
downloaded sites or documents from the internet, so systems are damaged by this kind of attack.
In system software a virus is also known as hidden code. It can penetrate the system directly:
during operations such as copying another program or starting the system it has the chance to
enter the computer, and it also travels with new downloads or mail from the internet and moves
over from CDs and pen drives. In the background the virus enters and activates inside the
document, and once the user opens it the hidden code is gone from the document entirely.
Polymorphic malware
Polymorphic malware is malware that automatically changes its own original characteristics. It
is still recognised by malware security devices. Using polymorphism, data is easily affected and
can also be hacked by someone.
Logic bombs
Logic bombs are a piece of program code. They are malware that delays the execution of a
program and damages its data; logic bombs are used to affect both the program's execution and
the available data.
Worms
A worm is a kind of malicious software like a virus. Its driving purpose is to copy itself from a
source document, and a computer is easily penetrated this way, becoming busy or slow. It is used
to create a duplicate of the system and endangers it. Worms do not attach themselves to a
program, and they do not need to change a document; they can act without the user's
involvement.
Trojans
Trojans are software that traps the user; unsuspecting users are caught by the Trojan horse. It
does not generate a duplicate of itself. It is a type of virus, but it may trigger the hard disk, and
it is one of the sections of malware. It penetrates the system and the path of the program code.
Root kits
Rootkits enter a company across different operating systems such as Windows and Linux. There
are three types of rootkit: kernel rootkits, library rootkits and application rootkits. A rootkit is
used to supply root-level entry to the system while posing as a normal program. It is concerned
with the anti-virus and with the movement of programs. It directly forces its way into the
system's knowledge without the computer's authentication; only by obtaining permission from
the system are rootkits avoided. It is also known as masking software, but the harmful software
is not held by the rootkit itself.
Rat
RAT is short for Remote Admin Trojan. It penetrates the system via a CD or pen drive. These
Trojans are remote controls that admit an attacker to a system, poaching information and
obtaining passwords. But Trojans are created for genuine use and allow only specific
applications; following that, some hackers alter their influence on the system, even though
hackers do not list or hack the activity performed by the Trojans.
Botnets
Botnet is short for robot network, a type of virus in which the robot network is driven by
command and control servers. This kind of virus has different types of function and is adaptable
to every system. It reduces the traffic of compromised computers and also uses unnecessary
servers.
Spyware
Spyware is a kind of software in the form of a program. The major goal of this technique is to
gather statistics about a person without the user's awareness. It is used to assess the
compromised system and pass the information to the hacker, and it acts as malware. When
information passes over the internet, the spyware attaches itself to it; the spyware gathers details
about the information in transit and can easily steal its content. These are damaging threats to
the computer that take information. Spyware can easily infiltrate systems, in this way installing
itself through new drives or other resources.
Trapdoor
A trapdoor is a type of malware. It is used to hack the user's details without the user's consent
and without knowing the password.
Mobile malicious code
Mobile malicious code looks like a web document and executes in the web browser. It gathers
details about the requested web page and also acts like a remote device. It is also a part of
malware.
Malicious font
For safe operation, fonts must be treated as potentially malicious in the same way as web pages.
PART 1-Task analysis
Basic malware analysis
In this malware analysis the scenario is based on an email that had an attachment, and we have
to check whether the attached file is malicious or not. The person opened the file straight away
and then learned it was infected, meaning our files were damaged by malicious software. The
malicious files are analysed by the following steps.
Task analysis
In a social engineering attack, attackers use human interaction to obtain information or to
compromise it. This information concerns the organisation or its computer systems. Recognising
a targeted malicious file is rather difficult even with anti-virus, IDS, IPS and custom malware
detection tools. The social engineering technique is leveraged by attackers, often together with
one or more zero-day vulnerabilities, for APT deployment. Social engineering draws on resources
such as deception, manipulation and intimidation; these resources exploit the human element,
the user, in an information attack.
An attacker supplies plausible information and also gathers the required information from a
source. The attacker first contacts one source; all the sources are in the same organisation, and
the attacker relies on information from the first source to build his or her credibility with the
next. Social engineering uses different attack methods such as baiting, scareware, pretexting,
phishing and spear phishing.
Baiting
Baiting attacks use a false promise to provoke a victim's greed or curiosity. Users are lured
into a bait that steals their important details, information and data, or infects their systems with
malware. The most reviled form of baiting uses physical media to spread malware.
Scare ware
Scareware is a type of malware created to trick victims into buying and downloading useless
and potentially dangerous programs. It produces pop-ups that imitate Windows system
messages and usually claims to be antivirus or antispyware software, a firewall application or a
registry cleaner.
Pretexting
Pretexting is one of the best-known social engineering methods. In pretexting an invented
scenario is created in order to gain access to personal details, and these details are deliberately
obtained from an unsuspecting individual.
Phishing
Phishing is an attempt to obtain sensitive information such as usernames, passwords and credit
card details, usually for malicious purposes, by posing as a trustworthy party in an electronic
communication. Social engineering has several parts, and phishing is one of the best known: its
scams are email and text message campaigns designed to create a sense of urgency, curiosity or
fear in victims.
Spear phishing
Spear phishing is an email or electronic communication scam aimed at a specific individual,
organisation or business. Although it is usually intended to steal data for malicious purposes,
the cyber criminal may also intend to run malware on the targeted victim's computer.
Yes: after this file was opened the virus infected the system, and the proof is that the anti-virus
on the system displayed a notification that a virus had been injected. After opening the file we
can find out what was attached to the email. The email is malicious or infected, and together
with the original document it affects the entire system. We want to avoid this situation using
anti-virus software or another prevention method. Scanning is one prevention method: with it we
can easily obtain a clean document without any conflicts, and we can also see what is really in
the mail document.
Step 1
The first step is to back up, and be able to restore, the important files that are on your system.
Step 2
The next step is to disconnect from the internet. Disconnecting stops websites and download
pages from working for a while.
Step 3
The third step is to use safety measures. In this step we can boot the system safely. Anti-virus is
the best example for step 3, because the anti-virus is used to scan for the virus and also to
retrieve deleted contents.
Step 4
In step 4 you may use another computer's internet connection over the local area network. The
LAN connection is used to solve the malware problem and to find out about the malware; in this
step we can safely download our documents from the internet.
Step 5
Step 5 is the malware analysis itself. In this step we can easily analyse the malware and find
the solution for it; it provides the means to remove the virus properly.
Step 6
Scan the files that were downloaded from the internet, scanning them several times, and use
several tools both for scanning and for removing the virus infection from the related file.
Step 7
The next step is disk maintenance. To keep the disk clean we need to format the disk several
times and also remove waste files and unwanted data. This does not modify the original content,
and it also cleans out the temporary files used by the related software.
Step 8
Step 8 performs the restoration. It removes the system and then restores it from restore points;
finally these points are used against the malware to delete the waste files.
Security defects
Malware normally exploits defects in resources such as the operating system and applications.
Newly updated software and operating systems are also affected. It delivers its data in executable
form once the process execution comes to an end.
User error
The system has an operating system and also disks such as floppy disks, and these are changed
when booting the operating system. An error occurs when the operating system is installed
without booting; finally it shows errors at runtime. Sometimes users make a mistake when
running the software even though the concepts are easily understood, and the code also generates
errors.
Usage of similar operating system
Malicious software supports different types of operating system; basically malware is platform
independent. But it does not support the prevention method for the software.
The files look the same but have different names. So in the starting stage the file is infected
with malicious code, and it affects the documents over a particular period. Some issues relate to
the RTF document and are described by the proper software; using rtfdump we can watch the
actions of the RTF file. The affected files start with the header and also contain classes and
objects. Static analysis is used to analyse the malware and to gauge its capability, providing
indicators and key techniques.
During the analysis the virtual system hangs while opening the RTF document in VMware. For
malware we use some dynamic analysis, which focuses on running the malware and observing
its behaviour. It observes the functions and analyses the technical indicators used in signature
detection. Some technical indicators are also resolved by the malware, such as domain names, IP
addresses and file locations, and we can easily analyse the attacker who controls access to the
server used for command and control.
Dynamic analysis is also used in sandboxes, malware engines and various tools; these are the
techniques used for dynamic analysis with sandboxes. Dynamic analysis uses hashing to search
for information; hashing algorithms such as MD5 and SHA are used for this information search.
This information also includes header files, strings and indicators, which are used to analyse the
infection and to scan for signatures. Dynamic analysis is a part of malware analysis and is used
to provide the indicators for malware detection. It protects the platform used for analysing the
malware. The analyst needs to monitor the system processes; file activity is also analysed with
the help of the malware. To learn the malware's behaviour on the file system, use dynamic
analysis together with some additional new techniques.
In this malware analysis the RTF file is used to describe the vulnerability and to provide a set of
rules. This is known as a Python rule and is used to analyse the effects on the system or the
related file. Several labs are used for this RTF file. Many objects are listed, containing more
data, and this is used to filter the packets. Each object in the RTF file is given a number for
identification, which may be decimal or hexadecimal, and these numbers are used in the
malware analysis.
The virtual machine acts as an architecture that describes the function of the system. The
machine is a combination of software and hardware components, and it comes in two types, the
system virtual machine and the process virtual machine. It provides a real machine and describes
the function of the overall system. The machine executes the program and has virtual memory;
it shares instructions with the code and distributes memory across the separate machines. The
sandbox is known as a breed of software testing; it is called a test server or a development box.
The first concern is sandbox detection, which means detecting the working directory and the
behaviour of the system. The next is sandbox cracking, meaning the various deficiencies or
cracks in the sandbox.
VM detection
Using this detection we can avoid the malware and change the location of the malware.
Monitoring is the important concept here, and it has two types:
• Interior box monitoring
• Exterior box monitoring
Interior box monitoring
The VM is a marked framework for counter-detection. This detection damages a number of
malware samples, and it also records the behaviour seen through interior box monitoring.
Exterior box monitoring
This type of box method differs from the other process: it presents the incidental effects and
artifacts when compared with the malware.
Spotting VM exposure
As a consequence of authority, the malware released into the environment is analysed through
the virtual machine, and this analyser is used to avoid the malicious program.
VMware detection
VMware detection relies on files, memory, the version and services.
Sandbox detection
Sandbox detection uses parts such as names and files.
The given rtfdump is a tool for analysing the reports, written in Python. It has a list of
documents, and it has objects and data in number format. Through malware analysis it cannot
execute and is unable to change its behaviour, while using the virtual machine it has some
actions. It also has the benefit of fake analysis: it will not change its behaviour, and it has fake
issues such as the registry.
Malware often changes its code while keeping its functionality, in order to stay safe from
detection. Target programs are embedded with the malware, and then the malware's behaviour
can be obscured using metamorphism. A special technique used is ANI. Normally ANI is a
theory; it explains the data dependencies in the code.
IP analysis of software
In IP analysis the DNS server is used to protect the system from attackers and also to control
machines, including hidden machines; DNS is widely used in malware detection, and it also
provides the server controls. Generally the systems are used for detecting malicious DNS; with
this technique we can easily find the malware and also analyse the IP address. We can control
the malware in the traffic, and the IP addresses are used in the feature extraction stage of
malware detection.
Malware detection using IP
Malware activity is detected through the DNS server. This malware occurs in the form of
viruses, and the analysis covers not only the larger network but the complex network as well.
Another problem that arises in malware detection is malware infection.
Extraction of malware detection
By extracting the features for malware detection we can obtain traffic analysis across a big
network, which is called big data; big data means using a large number of networks. These
features consist of malicious DNS and network traffic features. The data collector records the
DNS traffic in the network. The malicious DNS detector analyses the traffic in the network.
Next is the reputation engine; using it we can easily obtain the reputation score for an IP
address. It is also known as the network traffic analyser.
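The three components just named (data collector, malicious DNS detector, reputation engine) wired together over constructed DNS query logs, as an added example that is not part of the original report; the log lines, the reputation feed and the thresholds are all assumptions made for the illustration.

```python
"""Malicious-DNS detection pipeline over constructed query logs (added example)."""
import math
from collections import defaultdict

# Constructed log lines: timestamp client qname rcode answer_ip ("-" = no answer).
SAMPLE_LOG = """\
2018-03-01T09:00:01 10.0.0.5 www.example.com NOERROR 93.184.216.34
2018-03-01T09:00:02 10.0.0.5 mail.example.com NOERROR 93.184.216.35
2018-03-01T09:00:03 10.0.0.9 kq3x9vz1pl.net NXDOMAIN -
2018-03-01T09:00:03 10.0.0.9 zx8t2mqwrd.net NXDOMAIN -
2018-03-01T09:00:04 10.0.0.9 p0o9i8u7y6.net NXDOMAIN -
2018-03-01T09:00:04 10.0.0.9 a1b2c3d4e5f6.biz NOERROR 198.51.100.77
2018-03-01T09:00:05 10.0.0.9 www.example.com NOERROR 93.184.216.34
"""

# Constructed reputation feed: IP -> sightings as a C2 address and age of the record.
IP_REPUTATION = {"198.51.100.77": {"c2_sightings": 3, "age_days": 2},
                 "93.184.216.34": {"c2_sightings": 0, "age_days": 3000}}


def collect(log_text):
    """Data collector: parse log lines into records, skipping malformed lines."""
    records = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, client, qname, rcode, answer = parts
        records.append({"ts": ts, "client": client, "qname": qname.lower(),
                        "rcode": rcode, "answer": None if answer == "-" else answer})
    return records


def label_entropy(qname):
    """Shannon entropy of the second-level label; DGA-style names score high."""
    labels = qname.rstrip(".").split(".")
    sld = labels[-2] if len(labels) >= 2 else labels[0]
    counts = defaultdict(int)
    for ch in sld:
        counts[ch] += 1
    return -sum(c / len(sld) * math.log2(c / len(sld)) for c in counts.values())


def client_features(records):
    """Detector: per-client NXDOMAIN ratio, distinct domains and mean label entropy."""
    per_client = defaultdict(list)
    for r in records:
        per_client[r["client"]].append(r)
    feats = {}
    for client, recs in per_client.items():
        n = len(recs)
        feats[client] = {
            "queries": n,
            "nxdomain_ratio": sum(r["rcode"] == "NXDOMAIN" for r in recs) / n,
            "distinct_domains": len({r["qname"] for r in recs}),
            "mean_entropy": sum(label_entropy(r["qname"]) for r in recs) / n,
        }
    return feats


def ip_reputation(ip, feed=IP_REPUTATION):
    """Reputation engine: 0 (clean) to 100 (bad); IPs absent from the feed get 50."""
    info = feed.get(ip)
    if info is None:
        return 50
    score = min(100, 30 * info["c2_sightings"])
    if info["age_days"] < 30:          # freshly registered infrastructure is suspicious
        score += 20
    return min(100, score)


def flag_clients(records, nx_threshold=0.5, entropy_threshold=3.0, rep_threshold=70):
    """Return {client: [reasons]}; an empty list means nothing was flagged."""
    verdicts = {}
    for client, f in client_features(records).items():
        reasons = []
        if f["nxdomain_ratio"] >= nx_threshold:
            reasons.append("high NXDOMAIN ratio")
        if f["mean_entropy"] >= entropy_threshold:
            reasons.append("high-entropy domain labels")
        bad_ips = {r["answer"] for r in records
                   if r["client"] == client and r["answer"]
                   and ip_reputation(r["answer"]) >= rep_threshold}
        if bad_ips:
            reasons.append("contacted low-reputation IP " + ", ".join(sorted(bad_ips)))
        verdicts[client] = reasons
    return verdicts


if __name__ == "__main__":
    for client, reasons in flag_clients(collect(SAMPLE_LOG)).items():
        print(client, "SUSPICIOUS: " + "; ".join(reasons) if reasons else "clean")
```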
Installed anti-malware solutions use the malware certificates present on your computer. A new
malware program is used to prevent users from installing antivirus software. The products take
advantage of the digital signature used for checking by Windows User Account Control (UAC);
this involves some executable files.
It is based on altering User Account Control in Windows: this malware prevents users from
installing security software by copying the digital certificates used to sign antivirus programs into
the Untrusted Certificates store in Windows. It also keeps the status changes.
Ransomware
Ransomware is one type of malware file. It locks the affected computer and encrypts the data
stored on it, then shows a ransom message to the user. The key is given to the user after the
ransom is paid to the attacker; the money is transferred as cryptocurrency or virtual money. It
is spread by emails as well as images, and the main source of this virus file was online websites
that spread the worm files. Basically, ransomware is used to damage the system files and also
to multiply the worm files.
Overview
In this case the computer was infected by ransomware. The attacker demands money to unlock
the computer, so the victim would have to pay to get their information back. A huge amount of
personal data is stored on this computer, and all of it has been locked by the attacker. The
pictures and videos stored on the computer are important data and at the same time very
sensitive, so the only way to retrieve the data appeared to be paying the ransom to the attacker.
The client therefore contacted us to unlock the computer without paying any ransom. The
details were already given to the analysis team. The various tools involved in the analysis are
listed below.
• Bitdefender Anti-Ransomware
• Trend Micro Lock-screen Ransomware
• Kaspersky Anti-Ransomware
• Kaspersky Decryptors
• Avast Anti-Ransomware
• AVG Ransomware decrypting tool
• Formerly CryptoMonitor
• Malwarebytes Anti-Ransomware
This kind of anti-ransomware comes in the form of anti-virus software that keeps our files safe
and serves the security purpose. At the product level anti-ransomware is software used on the
computer to save the computer's contents, and at the security level it covers more, such as using
the internet securely.
It makes the user's files very secure, keeps them under password protection, and scans the
contents affected by ordinary viruses and other kinds of virus. It is software and is popular
among people.
Kaspersky's product is also an anti-ransomware tool in the form of software for computers;
this kind of anti-virus was developed in the lab by people with a great deal of knowledge about
malware. It is also used for security such as on the internet, where it is used a lot and keeps
files secure. It also provides a firewall used to filter traffic, and it works as a secure keyboard.
Avast scans the files properly and ensures security; files are exposed when we let our password
become known to others, but with Avast a password makes the files more secure and also hides
the file locations.
PART 2-Task analysis
For analysing the malware, two kinds of testing procedure are widely followed. These methods
are commonly used to analyse malware files and are listed below.
• Static analysis
• Dynamic analysis
The names describe their function. In the first method the malware was run through the actual
methodology, so this type of analysis is called actual analysis. The second method is called
behavioural analysis; with it, executable malware files are supervised and controlled.
Many tools and techniques are employed to perform static analysis. In static analysis the
malware code and its functional instructions are found. From this data we can identify the actual
intent and capability of the malware file, and the technical factors related to the malware are
easily found by this analysis technique. Many key elements are employed in this method; with
this analysis procedure we can easily find the nature of the malware file. It also covers details
such as the file name, the MD5 hash value and the file type.
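The static triage described here, and the earlier hashing, header, strings and rtfdump discussion in Part 1, carried out in code as an added example that is not part of the original report: hashes and file type come from the bytes rather than the file name (so a renamed executable is caught), and embedded RTF objects are listed the way rtfdump does. The two samples are constructed and harmless; file-type names and the mismatch rule are assumptions.

```python
"""Static triage of a suspicious email attachment (added example)."""
import hashlib
import os
import re

# Constructed RTF with one embedded "Package" object; the \objdata payload is a
# hex-encoded header followed by a file name, not real malicious content.
SAMPLE_RTF = (
    b"{\\rtf1\\ansi\\deff0{\\fonttbl{\\f0 Times New Roman;}}"
    b"\\f0\\fs24 Invoice attached.\\par"
    b"{\\object\\objemb{\\*\\objclass Package}"
    b"{\\*\\objdata 01050000020000000c0000005061636b6167652e65786500 }}"
    b"\\par}"
)
# Constructed PE stub: just the MZ signature and the DOS stub message.
SAMPLE_PE_STUB = (b"MZ\x90\x00\x03\x00" + b"\x00" * 10
                  + b"This program cannot be run in DOS mode.\x00")

# File type from header bytes, never from the extension (which can be spoofed).
MAGIC = [
    (b"MZ", "PE executable"),
    (b"{\\rtf", "RTF document"),
    (b"%PDF", "PDF document"),
    (b"PK\x03\x04", "ZIP container (OOXML/JAR/APK)"),
    (b"\xd0\xcf\x11\xe0", "OLE2 compound document (legacy Office)"),
]
EXT_TYPES = {".exe": "PE executable", ".rtf": "RTF document", ".pdf": "PDF document",
             ".docx": "ZIP container (OOXML/JAR/APK)",
             ".doc": "OLE2 compound document (legacy Office)"}
OBJDATA_RE = re.compile(rb"\\\*\\objdata\s*([0-9A-Fa-f\s]+)")
OBJCLASS_RE = re.compile(rb"\\\*\\objclass\s+([^}]+)")


def hashes(data):
    """MD5, SHA-1 and SHA-256: the identifiers used to look a sample up."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def file_type(data):
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"


def printable_strings(data, min_len=5):
    """Runs of printable ASCII, as the strings tool reports them."""
    return [m.decode("ascii")
            for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def rtf_objects(data):
    """Embedded objects: declared class, decoded payload size, strings in the payload."""
    found = []
    for idx, m in enumerate(OBJDATA_RE.finditer(data), start=1):
        hex_blob = re.sub(rb"\s", b"", m.group(1))
        # Drop a dangling nibble so a truncated blob still decodes.
        payload = bytes.fromhex(hex_blob[: len(hex_blob) // 2 * 2].decode("ascii"))
        cls = b""
        for c in OBJCLASS_RE.finditer(data, 0, m.start()):
            cls = c.group(1).strip()      # last \objclass before this payload
        found.append({"index": idx, "class": cls.decode("ascii", "replace"),
                      "size": len(payload),
                      "embedded_strings": printable_strings(payload, 4)})
    return found


def triage(name, data):
    """One static report for an attachment; flags extension/header mismatches."""
    ftype = file_type(data)
    ext = os.path.splitext(name.lower())[1]
    report = {"name": name, "type": ftype, **hashes(data),
              "extension_mismatch": ext in EXT_TYPES and EXT_TYPES[ext] != ftype,
              "strings": printable_strings(data)}
    if ftype == "RTF document":
        report["objects"] = rtf_objects(data)
    return report


if __name__ == "__main__":
    for name, blob in (("invoice.rtf", SAMPLE_RTF), ("invoice.rtf", SAMPLE_PE_STUB)):
        r = triage(name, blob)
        print(name, r["type"], "MISMATCH" if r["extension_mismatch"] else "ok",
              r["sha256"][:16], r.get("objects", []))
```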
We all know that dynamic analysis is also called behavioural analysis. From this analysis we
can learn the characteristics of the malware. Here the virus signatures are detected by technical
indicators, which include IP values, domain names and the location details of the file. For this
purpose we use sandboxes as well as malware engines, which are responsible for reducing the
available information to what matters. This is the latest technique and gives highly accurate
results, so it has the higher effectiveness; the overall output of the analysis depends on this
technique.
In the reverse engineering methodology IDA was employed for disassembly: the resources are
disassembled by IDA. It is the well-known tool for this purpose. Other tools are available for the
same purpose, but among all of them it gives the most effective results. To use this software we
need to pay the developer; the tool requires payment for installation. In this methodology the
code is in binary form, so there is a strong need to convert it into assembly format, and all the
given code is converted into assembly. Here the debugging was performed using the .exe
information available, which was saved in the debugging folder. This software was mainly
employed to find the names of the variables and functions; by reverse engineering the code is
easily recovered.
This type of analysis involves various types of data, which are used to perform the reverse
engineering process. Using IDA Pro we can share our notes as well as the types of information
related to the analysis, which helps others facing the same problem while using the tool. The
tool clearly identifies the details of the case with the file name, so the files are easily identified
this way. Similar characteristics between functions are identified by function matching. Each
argument has a unique name; the argument names are propagated automatically and are used in
the reverse engineering process.
This type of malware mostly targets data sources. Several data sources are used, such as
pictures, audio and video, and the most important thing is that all the given information is
sensitive, so the user is ready to pay money. The ATC was then the more suspicious action.
Various programs and files are also used to retrieve the information; converting the file format
into another form is the main activity of this software. The software includes many methods for
protection against ransom viruses, and this technology is fully autonomous.
For ransomware a particular packaging technique is used, and the malware is sorted into
various classes; this technique is used for static analysis. The application performs a set of
actions and follows each step of the process: first installation, then analysis of the system
characteristics, and then dynamic analysis to detect the ransomware result. Dynamic analysis
has some disadvantages, so the result is affected.
Infection by ransomware affects the files by encrypting them and makes their content
unavailable. Through encryption we can control data theft and infection, so by using it we can
avoid the ransomware.
signsrch is a tool that searches for encryption in multiple ways and provides a solution under
certain conditions; it has various methods for operations such as decryption.
The ransomware uses a symmetric crypto key to encrypt the files and asymmetric encryption for
that key; on the technical side the AES key is used.
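What signsrch does when pointed at a sample, reduced to its core and written as an added example that is neither the report's nor the signsrch project's code: AES, SHA and MD5 implementations carry fixed tables or initial values, so finding those constants in the sample's bytes tells the analyst which primitives it embeds before it is ever run. The scanned buffer is constructed, with the AES S-box and the SHA-256 initial state planted at known offsets.

```python
"""Locate well-known crypto constants in a binary, signsrch-style (added example)."""

# (name, constant in canonical big-endian form, stored as 32-bit words?)
# Word-based constants are searched in both byte orders because x86 code
# stores them little-endian; the AES S-box is a byte table and has one order.
SIGNATURES = [
    ("AES forward S-box", "637c777bf26b6fc53001672bfed7ab76", False),
    ("AES inverse S-box", "52096ad53036a538bf40a39e81f3d7fb", False),
    ("SHA-256 initial state H0..H3", "6a09e667bb67ae853c6ef372a54ff53a", True),
    ("SHA-1/MD5 initial state A..D", "67452301efcdab8998badcfe10325476", True),
    ("CRC-32 table [1..4]", "77073096ee0e612c990951ba076dc419", True),
]


def swap_words(blob):
    """Reverse each 4-byte word: big-endian constant -> little-endian memory image."""
    return b"".join(blob[i:i + 4][::-1] for i in range(0, len(blob), 4))


def patterns():
    """Expand SIGNATURES into the concrete byte patterns to search for."""
    out = []
    for name, hexstr, word_based in SIGNATURES:
        be = bytes.fromhex(hexstr)
        if word_based:
            out.append((name + " (big-endian)", be))
            out.append((name + " (little-endian)", swap_words(be)))
        else:
            out.append((name + " (byte table)", be))
    return out


def scan(data):
    """All (pattern name, offset) hits in offset order; a pattern may hit several times."""
    hits = []
    for name, pat in patterns():
        start = 0
        while True:
            pos = data.find(pat, start)
            if pos < 0:
                break
            hits.append((name, pos))
            start = pos + 1
    return sorted(hits, key=lambda h: (h[1], h[0]))


def primitives(data):
    """Distinct primitive families found, e.g. {'AES', 'SHA-256'}."""
    return {name.split(" ")[0] for name, _ in scan(data)}


# Constructed buffer standing in for a sample: filler, the AES S-box at offset 100,
# more filler, then the SHA-256 initial state as it would sit in x86 code.
SAMPLE_BINARY = (
    b"\x00" * 100
    + bytes.fromhex("637c777bf26b6fc53001672bfed7ab76")
    + b"\x90" * 40
    + swap_words(bytes.fromhex("6a09e667bb67ae853c6ef372a54ff53a"))
    + b"\x00" * 20
)

if __name__ == "__main__":
    for name, offset in scan(SAMPLE_BINARY):
        print(f"0x{offset:08x}  {name}")
    print("primitives:", sorted(primitives(SAMPLE_BINARY)))
```

A real scan would read the sample from disk in place of SAMPLE_BINARY; the signature list here is deliberately short compared with the thousands signsrch ships.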
In the ransom ware the removal operation is done by tools used for decryption and this
tool is used as direct. And for the decryption the auto locks tool is used and for the computer
locking it used the hydra craft. And for the operation such as decrypt the encrypted files using
decrypt locker.
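As an added example that is not from the report and not signsrch's own code, the following Python script reproduces the idea behind signsrch: it searches a sample's bytes for a few well-known cryptographic constants (the AES S-box, the SHA-256 initial state, the CRC-32 table) so an analyst can tell which algorithm a ransomware sample carries without running it. The sample buffer is constructed in-line.

```python
import struct

# Well-known constants an analyst looks for. Every correct AES implementation
# embeds the S-box, which begins with these 16 bytes; SHA-256 starts from these
# eight initial hash values; table-driven CRC-32 starts with these entries.
AES_SBOX_PREFIX = bytes.fromhex("637c777bf26b6fc53001672bfed7ab76")
SHA256_IV = (0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A,
             0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19)
CRC32_TABLE_START = (0x00000000, 0x77073096, 0xEE0E612C, 0x990951BA)

# Signature table: name -> exact byte pattern. Multi-word constants are stored
# in both byte orders because compilers emit them little-endian on x86 but
# hand-written or big-endian code may not.
SIGNATURES = {
    "AES S-box": AES_SBOX_PREFIX,
    "SHA-256 initial state (LE)": struct.pack("<8I", *SHA256_IV),
    "SHA-256 initial state (BE)": struct.pack(">8I", *SHA256_IV),
    "CRC-32 table (LE)": struct.pack("<4I", *CRC32_TABLE_START),
}


def find_signatures(data):
    """Return a list of (signature name, file offset) for every match, sorted by offset."""
    hits = []
    for name, sig in SIGNATURES.items():
        start = 0
        while (pos := data.find(sig, start)) != -1:
            hits.append((name, pos))
            start = pos + 1          # keep scanning past the current match
    return sorted(hits, key=lambda hit: hit[1])


def build_sample():
    """Constructed stand-in for a binary: padding, an AES S-box, NOPs, then SHA-256 IVs."""
    return (b"\x00" * 0x40 + AES_SBOX_PREFIX + b"\x90" * 0x20
            + struct.pack("<8I", *SHA256_IV))


if __name__ == "__main__":
    for name, offset in find_signatures(build_sample()):
        print(f"{offset:#08x}  {name}")
```

On a real file, read it with open(path, "rb").read() and pass the bytes to find_signatures; an AES S-box hit in a sample that also matches an RSA or asymmetric signature supports the hybrid scheme described above.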
Analysis of malware on Windows XP
Using virtual machine
The following window displays how a virtual machine is started; enter the virtual machine name. Then click the Next button and the next window appears automatically; select the option Dynamically allocated and click the Next button.
The next step is to choose the hard disk file type; at this stage we need to click the option VDI, which means VirtualBox Disk Image, and again click the Next button. Then the next window is displayed; this window is used to create a virtual hard disk, so you need to click Create a virtual hard disk now, and then click the Create button.
The next window represents the file location and also the file size. In this window you need to allocate the file size using the slider below it. Then, as usual, click the Create button.
XP setup
Installing steps
The above window represents the starting position of the XP setup. Next it automatically starts the Windows XP Professional setup. Once the setup has executed successfully, Windows XP is started.
The following windows represent applying computer security.
Extracting the file
If you want to extract the files, use the following extraction wizard; the windows below represent the extraction wizard and its operation.
First open the given extraction file in the VirtualBox VM, and then perform the quitting operation. Once the quitting operation has executed successfully, go to the next one.
Once the quitting operation is completed it automatically opens the security warning window; just click the Cancel button.
Analysis using Regshot tool
Another most important thing is the analysis with the Regshot tool: open Regshot 1.9.0 x86 Unicode to analyze with it.
Both of the above screenshots explain the analysis of malware using the Regshot tool. It performs the analysis as a first shot and a second shot and makes a comparison; at the end it produces a text file that contains the system details and the virus details. Regshot has two types, named product name and service name.
When all the above operations have been executed properly, the window below is displayed.
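As an added example, not part of the report and not Regshot's own code, the following Python function does what Regshot's compare step does: it takes two registry snapshots, here constructed in-line as the first shot and the second shot, and lists the keys and values that were added, deleted or modified. The key paths and the svc.exe autorun entry are constructed sample data chosen to show the kind of persistence change an analyst looks for in the comparison text file.

```python
def snapshot_diff(first, second):
    """Compare two registry snapshots and return the differences.

    Each snapshot maps a key path to a dict of value-name -> data, which
    is the information Regshot records for every key it walks.
    """
    keys1, keys2 = set(first), set(second)
    report = {
        "keys_added": sorted(keys2 - keys1),
        "keys_deleted": sorted(keys1 - keys2),
        "values_added": [], "values_deleted": [], "values_modified": [],
    }
    for key in sorted(keys1 & keys2):          # keys present in both shots
        v1, v2 = first[key], second[key]
        for name in sorted(set(v1) | set(v2)):
            if name not in v1:
                report["values_added"].append((key, name, v2[name]))
            elif name not in v2:
                report["values_deleted"].append((key, name, v1[name]))
            elif v1[name] != v2[name]:
                report["values_modified"].append((key, name, v1[name], v2[name]))
    # Regshot ends its text report with a total; do the same.
    report["total_changes"] = sum(len(report[k]) for k in (
        "keys_added", "keys_deleted", "values_added", "values_deleted", "values_modified"))
    return report


RUN = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Constructed first shot (before running the sample) and second shot (after).
FIRST_SHOT = {
    RUN: {"SecurityHealth": r"C:\Windows\System32\SecurityHealthSystray.exe"},
    r"HKCU\Software\Example": {"Version": "1.0"},
}
SECOND_SHOT = {
    RUN: {"SecurityHealth": r"C:\Windows\System32\SecurityHealthSystray.exe",
          "updater": r"C:\Users\analyst\AppData\Roaming\svc.exe"},   # new autorun value
    r"HKCU\Software\Example": {"Version": "1.1"},                     # modified value
    r"HKCU\Software\xyz": {"id": "0001"},                              # new key
}

if __name__ == "__main__":
    result = snapshot_diff(FIRST_SHOT, SECOND_SHOT)
    for section in ("keys_added", "keys_deleted", "values_added",
                    "values_deleted", "values_modified"):
        print(f"{section}: {result[section]}")
    print(f"Total changes: {result['total_changes']}")
```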
Analysis using PEiD tool
This tool picks the file and submits the executable to the scanning process. It shows the entry point, values such as the offset and the system type, and the count of bytes it occupies.
The section viewer displays the name, size and flags related to each offset. The above diagram shows the task done by the PEiD tool; it contains the executable files and setup files.
The diagram shows the disassembler function on the files during the malware analysis.
The above diagram shows the detailed data about the analysis and provides the values and data of the code.
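As an added example, not from the report and not PEiD's code, the following Python parses a PE header to produce what PEiD's main window and section viewer show: the entry point RVA, the section that contains it, the corresponding file offset, the first bytes at the entry point, and each section's name, sizes and flags. A minimal PE32 image is constructed in-line so the script runs offline; for a real sample pass open(path, "rb").read() instead.

```python
import struct

IMAGE_SCN_CNT_CODE = 0x00000020      # section Characteristics bits (PE spec)
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000


def parse_pe(data):
    """Return entry point RVA, its section and file offset, first bytes, and sections."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    machine, nsections = struct.unpack_from("<HH", data, pe_off + 4)
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    opt_off = pe_off + 24                                      # IMAGE_OPTIONAL_HEADER
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]
    sections = []
    for i in range(nsections):                                 # 40-byte section headers
        off = opt_off + opt_size + 40 * i
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, off)
        flags = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode(), "vsize": vsize,
                         "vaddr": vaddr, "rsize": rsize, "rptr": rptr, "flags": flags})
    # PEiD's "EP Section" and "File Offset": map the entry RVA into its section.
    ep_sec = next(s for s in sections
                  if s["vaddr"] <= entry_rva < s["vaddr"] + max(s["vsize"], s["rsize"]))
    ep_file = entry_rva - ep_sec["vaddr"] + ep_sec["rptr"]
    return {"machine": machine, "entry_rva": entry_rva, "entry_section": ep_sec["name"],
            "entry_offset": ep_file, "first_bytes": data[ep_file:ep_file + 4],
            "sections": sections}


def build_sample_pe():
    """Constructed PE32 image with one .text section (not a real sample)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)  # i386, 1 section
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1010)                   # AddressOfEntryPoint
    sec = struct.pack("<8sIIIIIIHHI", b".text", 0x100, 0x1000, 0x200, 0x200, 0, 0, 0, 0,
                      IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
    headers = dos + b"PE\0\0" + file_hdr + opt + sec
    headers += b"\0" * (0x200 - len(headers))
    code = b"\x90" * 0x10 + b"\x55\x8b\xec\x5d\xc3"          # NOPs, then push ebp; mov ebp,esp; pop ebp; ret
    return headers + code + b"\0" * (0x200 - len(code))


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print(f"EP {info['entry_rva']:#x} in {info['entry_section']} at file offset "
          f"{info['entry_offset']:#x}, first bytes {info['first_bytes'].hex()}")
```

PEiD matches its packer signatures against exactly these first bytes at the entry point, so an entry point that lands outside .text, or in a section flagged writable and executable, is the first hint of packing.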
Malware analysis using IDA
IDA is a software tool; using IDA you can easily analyze malicious software. First you need to download the proper IDA tool. After that, install the IDA tool in the VirtualBox VM and run it. The IDA tool contains a lot of resources, such as the kernel analysis options, IDA view, Hex view and Structures. The kernel analysis options are of two types: option 1 contains offset creation, instruction deletion, function creation, renaming jump functions, renaming empty functions and so on. The second option contains:
Kernel analysis option
Create and locate the jump function, hide library functions, stack arguments, register arguments, copy library functions, no-return analysis, function truncation, code deletion, and converting data to offsets.
IDA view
The above diagram shows the Hex view in the analysis using the IDA tool. It also provides the output window below.
Hex view
Structure
Output
Functions
The following window is used to represent the types of Windows functions. Finally it specifies the PC-specific analysis options. This window contains a variety of options such as push, jmp, nop, mov reg, mov memory, and so on.
Tools
In malware analysis a good background setup is needed, because we need to gather the data used for safety from the malicious file. The virtual machine is used as the software for this, and by using a virtual machine we can test various kinds of system. A virtualization system holds many virtual machines. The tools are used to describe how the malware gets in. Normally the network shares the IP address and details with others in different ways.
NAT
For connecting the machine to the LAN, the host's IP address is used through the virtual machine. With a NAT connection the operating system in the VM is not able to connect to the other operating system. The virtual machine has its own address range, which is used to access the internet.
Bridged adapter
In this mode the host system's network has the IP address of the virtual machine, so the LAN has direct access to the other machine.
Virtual box
In the initial settings of the operating system, without using other data, we have to give the name and data. The shared folder has read-only access, and because of this the malware cannot access the host system.
In basic malware analysis the tools used are PEiD, for detecting packers, and Dependency Walker for dynamic links. PEview and FileAlyzer are used to evaluate the file, and the resources that were changed are made visible. There are two basic kinds of malware analysis tools and functions. The types are:
1. Basic malware analysis tools
2. Dynamic malware analysis tools
Basic malware analysis tools
The tools used to analyze the malware are PEiD, Dependency Walker, Resource Hacker and PEview.
PEiD
This tool is used to identify the compiler, but malware analysis is complex. In the updated tool it is used to analyze files such as text, and the results are stored using a database.
Dependency walker
Dependency Walker is a basic malware analysis tool and also one of the other greatest tools used in malware analysis. Basically Dependency Walker is an open-source application that scans Windows 32-bit and Windows 64-bit modules. It provides a lot of information about the imported and exported functions of modules. It shows only the detailed data of the file, such as the file path, version and information.
Resource Hacker
Resource Hacker is also known as ResHacker. It is an open-source application that takes the resources from a Windows executable. It can add and modify resources such as strings, images, etc.
PEview
PEview is the simplest tool. Using this tool the analyst can easily browse the data present in PE files. All PE files have two parts, the header and the sections, and all the browsable data is present in those locations.
FileAlyzer
FileAlyzer is used to read the information freely from the PE file header and the different sections. Compared to PEview it has several additional applications, and only FileAlyzer can access these. The VirusTotal tab is one of the best features used to analyze malware and PECompact files.
Dynamic Malware Analysis Tools
Different types of tools are used in dynamic malware analysis, such as Procmon, Process Explorer, Regshot and Netcat.
Procmon
Procmon is one of the most famous tools used in dynamic malware analysis. It is also called Process Monitor; it is a free tool developed by Windows Sysinternals that monitors the Windows file system and registry. It combines FileMon and RegMon. Its greatest feature is that it adds FileMon and Procmon to filter the data and log boot-time activity.