Beginners' Notes on Malware Analysis

What is Malware Analysis?

Malware analysis is the process of determining the behavior and purpose of a suspicious file or URL.

Why do You Need to Know About Malware Analysis?

The essence of malware analysis is to learn everything that can be known about a piece of malware and its behavior. But why carry out malware analysis? If you understand how to analyze a sample, it becomes much simpler to detect the problems it causes, to tell one problem apart from another, and to assess the extent of the damage.

Hence, knowing how to tackle malware attacks is critical for anyone who manages systems and cares about security. That is not only incident responders and SOC analysts, but also web and system administrators.

Malware Analysis is all about Safety

For anyone with a background in computer science or security, malware analysis is not a difficult task, but it demands basic computer hygiene. You must understand the risks of handling live malware samples and how to take precautions so that those risks stay under control.

The environment in which you handle samples is called the malware lab. Like a pathogen lab, a malware lab needs a set of hygiene rules. The goal is to prevent samples from escaping while still letting them infect the intended hosts, so that you can observe them in action.

Programming skills are comparatively easy to acquire; a lapse in security consciousness is what will cost you.

Setting Up a Malware Lab

Honing malware analysis skills takes a lot of practice: experimenting with tools, looking at many kinds of malware, and getting used to working in an isolated environment. Nothing beats having your own malware lab.

In setting up a malware lab, you should begin with dedicated hardware. If solely for practice, one computer should work just fine.

Ensure the computer has plenty of spare memory for virtualization: 8 GB at a minimum. It also needs enough disk space to store several virtual machines and their snapshots, which you use to return a machine to a known clean state after working with a sample.

Virtualization makes an analyst's work considerably easier. It allows samples to be loaded quickly on different operating systems, and snapshots let you restore a virtual machine to its clean initial state in seconds.

Keep the analysis system isolated so that you cannot accidentally infect your personal computer, web server or shared disks. Do not connect the lab to the internet: a live sample may contact its command-and-control server, download additional stages, or attack other hosts. If you need to observe network behavior, use an isolated host-only network with a simulated service responder rather than a live connection.

Static and Dynamic Malware Analysis

Essentially two kinds of malware analysis exist. Which to use depends on the questions you want answered and on the resources and techniques you are comfortable with.

Malware can be investigated by examining a sample's code and properties without running it. This is known as static analysis. Examples include:

●Comparing the hash of the malware sample against a database of known malware samples
●Identifying the file type of the sample from its content rather than its name
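The two static checks above, as an added example that is not part of the original notes: the script hashes a sample, looks the SHA-256 up in a hash set, and identifies the file type from magic bytes (including the PE header that a Windows executable hides behind its "MZ" DOS stub). The "known-bad" hash set and the sample bytes are constructed for the example; they are not real indicators.

```python
"""Static triage of a suspicious file: hash lookup and file-type identification."""
import hashlib
from pathlib import Path

# Constructed sample bytes (not real malware). The PE sample has the "MZ" stub,
# the e_lfanew field at offset 0x3c pointing to 0x40, and a "PE\0\0" signature there.
SAMPLE_PE = bytes(
    b"MZ" + b"\x00" * (0x3C - 2) + (0x40).to_bytes(4, "little") + b"PE\x00\x00" + b"\x00" * 20
)
SAMPLE_PDF = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"

# Signatures checked by prefix. PE is handled separately because its real
# signature sits at a variable offset.
MAGIC = [
    (b"\x7fELF", "ELF executable"),
    (b"%PDF-", "PDF document"),
    (b"PK\x03\x04", "ZIP archive (also Office OOXML, JAR, APK)"),
    (b"#!", "Script with shebang"),
]

# What a given extension claims the file is; used to flag name/content mismatches.
EXT_HINT = {".exe": "PE", ".dll": "PE", ".pdf": "PDF", ".zip": "ZIP", ".elf": "ELF"}


def file_hashes(data: bytes) -> dict:
    """Return the hashes that most hash databases are keyed on."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


# Constructed "known malware" database: SHA-256 -> family label. Built here from the
# sample so the lookup can be demonstrated offline; a real database is a feed or service.
KNOWN_BAD_SHA256 = {file_hashes(SAMPLE_PE)["sha256"]: "example-dropper"}


def lookup_hash(sha256: str):
    """Return the family name for a known hash, or None when it is unknown."""
    return KNOWN_BAD_SHA256.get(sha256)


def identify_type(data: bytes) -> str:
    """Identify the file type from content, never from the extension."""
    if data[:2] == b"MZ":
        # e_lfanew: 32-bit little-endian offset of the PE header, stored at 0x3c.
        if len(data) >= 0x40:
            e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
            if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
                return "PE executable (Windows)"
        return "MZ (DOS stub without PE header)"
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"


def triage(filename: str, data: bytes) -> dict:
    """Combine hash lookup, type identification and an extension-mismatch check."""
    hashes = file_hashes(data)
    detected = identify_type(data)
    expected = EXT_HINT.get(Path(filename).suffix.lower())
    return {
        "name": filename,
        "hashes": hashes,
        "type": detected,
        "known_as": lookup_hash(hashes["sha256"]),
        # A file named invoice.pdf that is really a PE is a classic lure.
        "extension_mismatch": expected is not None and not detected.startswith(expected),
    }


if __name__ == "__main__":
    for name, data in (("invoice.pdf", SAMPLE_PE), ("notes.pdf", SAMPLE_PDF)):
        print(triage(name, data))
```

A hash match is only as good as the database: any change to a single byte (repacking, a new build, an appended string) produces a new hash, so a miss never means "clean". The type check is the reverse caveat: it is cheap and robust, which is why it comes before anything that trusts the file name.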

The other kind of malware analysis is dynamic, or behavioral, analysis. It answers questions about the malware by running it in a controlled environment and observing what it does. Examples include:

●Running the malware and comparing the 'before' and 'after' states of the virtual machine once it has finished
●Running the malware while tracking its activity with a process monitor and a network sniffer
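The 'before' and 'after' comparison from the first bullet, as an added example that is not part of the original notes. It snapshots a directory tree by content hash, runs a stand-in for the sample, snapshots again and reports what was created, modified and deleted. The directory layout and the simulated side effects are constructed for the example; the function named simulated_detonation is a placeholder for actually executing the sample inside the lab VM.

```python
"""Dynamic analysis helper: diff a filesystem snapshot taken before and after detonation."""
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root: Path) -> dict:
    """Map every file under root (as a relative POSIX path) to its SHA-256."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            state[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return state


def diff_snapshots(before: dict, after: dict) -> dict:
    """Classify paths as created, modified or deleted between two snapshots."""
    created = sorted(set(after) - set(before))
    deleted = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return {"created": created, "modified": modified, "deleted": deleted}


def simulated_detonation(root: Path) -> None:
    """Placeholder for running the sample. Constructed side effects that mimic a
    typical dropper: drop a payload, rewrite the hosts file, destroy a document."""
    (root / "Temp" / "svchost.exe").write_bytes(b"MZ constructed payload")
    (root / "hosts").write_text("127.0.0.1 update.example\n")
    (root / "Documents" / "report.docx").unlink()


def run_example() -> dict:
    """Build a small constructed 'system', detonate, and return the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Temp").mkdir()
        (root / "Documents").mkdir()
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "Documents" / "report.docx").write_bytes(b"PK\x03\x04 constructed doc")
        (root / "Temp" / "cache.bin").write_bytes(b"untouched")

        before = snapshot(root)
        simulated_detonation(root)
        after = snapshot(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    for kind, paths in run_example().items():
        print(f"{kind}: {paths}")
```

Hashing content rather than comparing timestamps means a sample that timestomps the files it touches still shows up as modified. What this diff cannot see is anything that never reaches disk: injected code, in-memory configuration, or network traffic. That gap is exactly why the second bullet pairs the run with a process monitor and a network sniffer.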

A thorough analysis of a sample uses both static and dynamic methods. Iterate: start with the quick basics and move on to more advanced techniques as each pass raises new questions.

