How to Perform Malware Analysis?

I

iwystic

Thread Starter
Veteran
Joined
Aug 27, 2019
Messages
4,843
Reaction score
10,134
What is Malware Analysis?

Malware:
Known as malware. Software running on our system without our permission. Examples of this are software such as RAT, Trojan, Rootkit, bla bla bla...

Malware Analysis: Software, such as the definition of Malware, is finalized at the end of the analysis. Some social assistances are insufficient and it is necessary to be prepared to benefit from such training programs. Many viruses today can bypass antiviruses and enter systems easily. The best way to avoid this is to research for malware.

Malware Analysis is of two types. Static Analysis and Dynamic Analysis.

Static Analysis:
A type that is done by examining the games without running the file that will be.

How to Perform Malware Analysis?

You have a basic technical knowledge of malware analysis. Now let's move on to how to do malware analysis.

The first step in malware analysis is to gather information about the file to be examined. There is a lot of software for data collection. As before, it is not with the programs used for it. I will tell you about their program.

> PEiD> DIE> PE Insider> CFF Explorer

PEiD Transport:

At first, information about the file with the PEiD program. In this way, it gives us information about the language in which the file we will examine is written. PEiD doesn't have much else, we learn in which language the most important file is written. That's it for the project plan to build on the plans for the review.

MOLDS:

The DIE program is a more advanced version of PEiD. We can get a lot of things in the model with DIE. We go upstairs to inspect. And it gives us a lot of information about the file.

Using CFF Explorer:

After downloading CFF Explorer, we need to install it. After installing, we open CFF Explorer. We press File children and select the children Open. And it gives us a lot of information about the file.

We have had enough information about the file that we will examine using our tools, using your vehicle. Now the code of the file has arrived. If there is a malware in the file, we learn it by reading the codes of this file. For the job of reading the codes, I will develop dnSpy to work. You can also use another program. We send and drop the file to the file and make it readable.

NOTE: If the file to be examined is scribbled or compressed, the codes may not be read. For this, we can make the codes of the file that has not been deobfuscated with various software readable.

We read all the codes of the file one by one using the dnSpy plugin. If you read this will be enough to get information about a code in the process.

Code reading exercises You can benefit from static analysis.​
 
T

Theloser27

Confirmed Memb.
Joined
Jan 22, 2022
Messages
57
Reaction score
1
Bu Bİligileri Bilmesem Bir Sürü Virüs İndircektim Çok tşk ederim
 
D

diogocorote

Confirmed Memb.
Joined
Jan 28, 2022
Messages
53
Reaction score
2
nice explanation, thank you very much for the clarification.
 
X

xane123

Active Member
Joined
Feb 2, 2022
Messages
20
Reaction score
0
Thank you, this has helped a lot.
 
SPAM IS FORBIDDEN!
  • SPAMMERS ARE BANNED FROM THE FORUM AND CANNOT USE ANY OF THE CHEATS
  • For example: thanks, thx, very good, asdqwe, working, ty and so on!
  • For example: Writing the same message over and over. thanks, thx and so on!
  • Copying and copying someone else's message is prohibited.
  • It is forbidden to send messages to increase the number of comments on threads that you have no knowledge of.
  • Write your own opinion when commenting!
  • If you see spam message, please let us know with the REPORT button!

Theme editor

Top Bottom