Windows Malware Analysis Essentials

Book Image

Windows Malware Analysis Essentials

By : Victor Marak

Book Image

Windows Malware Analysis Essentials

By: Victor Marak

Overview of this book

Windows Malware Analysis Essentials

Windows Malware Analysis Essentials

Credits

About the Author

About the Author

Acknowledgments

Acknowledgments

About the Reviewer

About the Reviewer

www.PacktPub.com

www.PacktPub.com

Preface

Free Chapter

Down the Rabbit Hole

Down the Rabbit Hole

Signed numbers and complements

Boolean logic and bit masks

Breathing in the ephemeral realm

Sharpening the scalpel

Performing binary reconnaissance

Exploring the universe of binaries on PE Explorer

Getting to know IDA Pro

Dancing with the Dead

Dancing with the Dead

The initiation ritual

Preparing the alter

Code constructs in x86 disassembly

Performing a Séance Session

Performing a Séance Session

Fortifying your debrief

Debriefing – seeing the forest for the trees

Preparing for D-Day – lab setup

Whippin' out your arsenal

Summoning the demon!

Exorcism and the aftermath – debrief finale!

Traversing Across Parallel Dimensions

Traversing Across Parallel Dimensions

Compression sacks and straps

Alice in kernel land – kernel debugging with IDA Pro, Virtual KD, and VMware

Good versus Evil – Ogre Wars

Good versus Evil – Ogre Wars

Wiretapping Linux for network traffic analysis

Encoding/decoding – XOR Deobfuscation

Malicious Web Script Analysis

Byte code decompilers

Document analysis

Redline – malware memory forensics

Malware intelligence

Index

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Whippin' out your arsenal

Let us see the list of tools that we will be using or referring further.

Fingerprinting

PEiD/ExeInfo: https://tuts4you.com/download.php?list.37
FileAlyzer (with ssdeep.dll for ssdeep hashes): http://www.safer-networking.org/products/
HeaventoolsPEExplorer: http://heaventools.com/
Yara: https://code.google.com/p/yara-project/downloads/list

User mode sandboxing

BSA Buster Sandbox: http://bsa.isoftware.nl/
Sandboxie: http://www.sandboxie.com/
Cuckoo Sandbox: http://cuckoosandbox.org/ and www.malwr.com
VMWare: http://www.vmwareinc.com/

Debugging and disassembly

OllyDBG 1.10/2.0: http://www.ollydbg.de/.
IDA Pro 6.1 or above: http://www.hex-rays.com/products/ida/index.shtml.
Debugging Tools for Windows(x86): This requires installation. It is available at http://www.microsoft.com/en-us/download/details.aspx?id=8442.
Bochs 2.4.6: http://sourceforge.net/projects/bochs/files/bochs/2.4.6/.

Monitoring

Sysinternals Suite (especially process explorer and process monitor)...