A Primer on Reverse Engineering Malwares

More documents

Recommendations

Info

Behavior Analysis The Approach and Infection 1 st Snapshot of Registry prior to upload of malicious code (http://sourceforge.net/projects/regshot) � Multiple Registry Shots and Comparison Tool Launch malicious code, Interact, Login, Kill process and take 2 nd Snapshot of Registry Compare the registry files to see for major system changes (In this case, we see that two files were added to the system � msnsettings.dat and pas.txt) Behaviour Analysis Source - http://zeltser.com © 2011 KPMG, an Indian Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. It looks like pas.txt has captured the logon credentials we used when logging into the malicious executable. The msnsettings.dat file looks like a configuration file
Behavior Analysis Monitoring Process Monitor records API calls it observes on the system that deal with file system and registry access. It shows the details of how programs create, delete, read or modify the local environment Process Monitor’s log is very comprehensive. However, it is also very noisy Attempts by malware specimen to create pas.txt file and to locate the msnsettings.dat file � screenshot Behaviour Analysis Source - http://zeltser.com © 2011 KPMG, an Indian Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Page 1 and 2: A Primer on Revers
Page 3 and 4: Setting the Stage
Page 5 and 6: Malware’s growing at alarming rat
Page 7 and 8: Cyber War Virtual Wars Source - htt
Page 9 and 10: Scenario @ home Penetration into Hi
Page 11 and 12: Malware Entry Points Universal Seri
Page 13 and 14: Zombie Hotspots @ Home India leadin
Page 15 and 16: Introduction
Page 17 and 18: Malwares & their Variants Trojan Ho
Page 19 and 20: Myth I - I bought an Anti-virus and
Page 21 and 22: Myth III - Malwares creation requir
Page 23 and 24: So we know why they are written…
Page 25 and 26: Malware Detection & Analysis Life C
Page 27 and 28: Data Collection & Analysis Data Col
Page 29 and 30: Ad-Hoc Utilities used for Malware D
Page 31 and 32: Behavior Analysis 3 Stage Approach
Page 33: Behavior Analysis Mitigating Risk V
Page 37 and 38: Behavior Analysis Verifying the The
Page 39 and 40: Dynamic Malware Analysis - Process
Page 41 and 42: Code Analysis Expands and Reinforce
Page 43 and 44: Code Analysis …..with patience…
Page 45 and 46: Case Study - Operation Aurora Overv
Page 47 and 48: Reverse-Engineering Malware (Cheat
Page 49: Thank You Presentation by Sony Anth

A Primer on Reverse Engineering Malwares

Create successful ePaper yourself

Delete template?

Save as template?