How to Perform Malware Analysis?


iwystic

Veteran
Joined
Aug 27, 2019
Messages
4,834
Reaction score
9,971
What is Malware Analysis?

Malware:
Also known as malicious software. Software that runs on our system without our permission. Examples of this are software such as RAT, Trojan, Rootkit, bla bla bla...

Malware Analysis: Whether a piece of software fits the definition of malware above is determined at the end of the analysis. Some social assistances are insufficient, and it is necessary to be prepared to benefit from such training programs. Many viruses today can bypass antiviruses and enter systems easily. The best way to avoid this is to research malware.

Malware Analysis is of two types. Static Analysis and Dynamic Analysis.

Static Analysis:
A type of analysis done by examining the file without running it.

How to Perform Malware Analysis?

You now have basic technical knowledge of malware analysis. Let's move on to how to do malware analysis.

The first step in malware analysis is to gather information about the file to be examined. There is a lot of software for data collection, and you are not limited to the programs used here. I will tell you about these programs.

  • PEiD
  • DIE
  • PE Insider
  • CFF Explorer

Using PEiD:

First, we get information about the file with the PEiD program. It tells us the language in which the file we will examine is written. PEiD doesn't do much else; the most important thing we learn is which language the file is written in. That is the starting point we build the rest of the review on.

Using DIE:

The DIE program is a more advanced version of PEiD. We can learn many things with DIE. We open the file in it to inspect it, and it gives us a lot of information about the file.

Using CFF Explorer:

After downloading CFF Explorer, we need to install it. After installing, we open CFF Explorer. We click the File menu and select Open. It gives us a lot of information about the file.

We have now gathered enough information about the file we will examine using our tools. Now we come to the code of the file. If there is malware in the file, we learn it by reading the file's code. For reading the code, I will use dnSpy. You can also use another program. We drag and drop the file into dnSpy to make it readable.

NOTE: If the file to be examined is obfuscated or compressed, the code may not be readable. In that case, we can use various deobfuscation software to make the code of the file readable.

We read all the code of the file one by one using the dnSpy program. Reading it will be enough to get information about the code in the process.

You can benefit from code reading exercises for static analysis.
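As an added example that is not part of the post, the Python script below does by hand what PEiD/DIE report in the first step: it walks the PE headers to check for a CLR header (a .NET assembly, which dnSpy can decompile) and measures section entropy to flag the obfuscated/compressed case from the NOTE. The toy PE image it builds is constructed for offline testing and is not a real program; the 7.0-bit entropy threshold is an assumed rule of thumb.

```python
import math
import struct
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; packed or encrypted data sits near 8.0."""
    n = len(data)
    return sum(-(c / n) * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def triage_pe(blob: bytes) -> dict:
    """Walk the PE headers: CLR header present (.NET, dnSpy-readable)? Any section packed?"""
    if blob[:2] != b"MZ":
        raise ValueError("not a PE file (no MZ header)")
    pe = struct.unpack_from("<I", blob, 0x3C)[0]  # e_lfanew -> "PE\0\0"
    if blob[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsec = struct.unpack_from("<H", blob, pe + 6)[0]  # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", blob, pe + 20)[0]  # COFF SizeOfOptionalHeader
    opt = pe + 24  # optional header follows the 20-byte COFF header
    is64 = struct.unpack_from("<H", blob, opt)[0] == 0x20B  # PE32+ magic
    dirs = opt + (0x70 if is64 else 0x60)  # data directory array offset
    clr_rva, clr_size = struct.unpack_from("<II", blob, dirs + 14 * 8)  # entry 14 = CLR
    sections = {}
    for i in range(nsec):  # 40-byte section headers follow the optional header
        name, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", blob, opt + opt_size + i * 40)
        sections[name.rstrip(b"\0").decode("ascii", "replace")] = round(entropy(blob[raw_ptr:raw_ptr + raw_size]), 2)
    return {"is_dotnet": bool(clr_rva and clr_size), "arch": "x64" if is64 else "x86",
            "sections": sections, "likely_packed": any(e > 7.0 for e in sections.values())}

def build_sample_pe(dotnet: bool, sections: dict) -> bytes:
    """Constructed toy PE32 image for offline testing only; it is not a runnable program."""
    opt_size, nsec = 0xE0, len(sections)
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, opt_size, 0x102)  # i386, EXE
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<I", opt, 0x5C, 16)  # NumberOfRvaAndSizes
    if dotnet:
        struct.pack_into("<II", opt, 0x60 + 14 * 8, 0x2008, 0x48)  # fake CLR header RVA/size
    hdrs, body, ptr = b"", b"", 0x40 + 24 + opt_size + 40 * nsec  # raw data after headers
    for name, data in sections.items():
        hdrs += struct.pack("<8sIIII", name.encode(), len(data), 0x1000, len(data), ptr) + bytes(16)
        body, ptr = body + data, ptr + len(data)
    return dos + b"PE\0\0" + coff + bytes(opt) + hdrs + body

if __name__ == "__main__":
    plain = b"using System; static void Main() { Console.WriteLine(1); }" * 8
    noise = bytes(range(256)) * 4  # every byte value equally likely -> entropy 8.0
    print(triage_pe(build_sample_pe(True, {".text": plain, ".rsrc": bytes(256)})))
    print(triage_pe(build_sample_pe(False, {"UPX1": noise})))
```

A real sample gives the same two answers a first look in PEiD/DIE does: whether dnSpy is the right reader, and whether the NOTE about unpacking applies before any code can be read.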
 

Theloser27

Confirmed Memb.
Joined
Jan 23, 2022
Messages
57
Reaction score
1
If I didn't know this information, I would have downloaded a lot of viruses. Thank you very much.
 

diogocorote

Confirmed Memb.
Joined
Jan 28, 2022
Messages
53
Reaction score
2
nice explanation, thank you very much for the clarification.
 

xane123

Active Member
Joined
Feb 2, 2022
Messages
20
Reaction score
0
Thank you, this has helped a lot.
 