Malware Analysis

Eagleweb

Senior Member
8 May 2021
Hello guys,

In this post I will explain how malware analysis is done, what types of analysis there are, what it is for, and which programs are used.

You will learn how basic malware analysis is done and which method to use to examine a suspicious file.

Before talking about methods, I would like to say that what I describe here is the method I use; you can develop your own method from it.






What is Malware Analysis?

Malware: short for malicious software. Software that runs on our system without our consent. Examples are RATs (remote access trojans), trojans, rootkits and ransomware.


Malware Analysis:

As the definition of malware suggests, malware analysis is the process of examining a file to determine whether, and how, it is malicious. In some cases anti-virus products are insufficient, and then you have to analyze the file yourself; much of today's malware bypasses anti-virus and gets onto systems easily. The best way to deal with this is to analyze the suspicious file. Malware analysis is of two kinds: static analysis and dynamic analysis.


Static Analysis: the type of analysis performed by examining the suspicious file's code and structure without running it.



Dynamic Analysis: the type of analysis performed by running the suspicious file on a system and observing what it does there.



How is Malware Analysis Done?

You now have basic technical knowledge about malware analysis. Let's move on to how it is actually done.

The first step in malware analysis is to gather information about the file to be examined. There is a lot of software for this. As I said before, everyone's method and programs are different; I will describe the programs I use myself.

  • PEiD
  • DIE (Detect It Easy)
  • PE Insider
  • CFF Explorer


PEiD Usage:

First we get information about the file with PEiD. PEiD matches the file against compiler and packer signatures, so it tells us which language and compiler the file was written with, and whether a known packer such as UPX was used. PEiD does not do much else; its most important feature is telling us what the file was built with. We drag and drop the file we want to examine onto the program window, and that is all there is to using it.



DIE Usage:

DIE (Detect It Easy) is a more advanced version of PEiD. We can get most of the information we want about the file from DIE: compiler, linker, packer and protector detection, plus entropy and the PE header details. We drag and drop the file we want to examine onto the program, and it shows us the results.



Using CFF Explorer:

After downloading CFF Explorer we install it and open it. From the File menu we click Open and select the file we want to examine. CFF Explorer then shows us the PE structure in detail: headers, sections, the import table and, for .NET files, the CLR header.
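The information-gathering step above (what PEiD, DIE and CFF Explorer show us) comes down to reading the PE headers. The following added example, which is not part of the original post, parses a PE file's headers in pure Python and reports the same first-triage facts: architecture, compile timestamp, sections with their entropy, whether an import table exists, and whether the file is a .NET assembly (the CLR data directory is set). It also prints the hints a packer scanner would give: high section entropy, a missing import table and UPX-style section names. The two sample files are constructed in the script itself (header-only images that will not run), so it works offline.

```python
import math
import random
import struct
from datetime import datetime, timezone

# Data directory indices from the PE specification
DIR_IMPORT = 1
DIR_CLR_HEADER = 14          # non-zero only in .NET (managed) assemblies
MACHINES = {0x14C: "x86", 0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0..8.0; packed or encrypted sections sit close to 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def triage_pe(blob: bytes) -> dict:
    """Parse the headers of a PE file and return the facts a first triage needs."""
    if blob[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", blob, opt)[0]
    if magic == 0x10B:            # PE32: data directories start 96 bytes into the optional header
        dir_off, bits = opt + 96, 32
    elif magic == 0x20B:          # PE32+: 112 bytes (ImageBase and stack/heap fields are 8 bytes)
        dir_off, bits = opt + 112, 64
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ndirs = struct.unpack_from("<I", blob, dir_off - 4)[0]

    def directory(index):
        if index >= ndirs:
            return 0, 0
        return struct.unpack_from("<II", blob, dir_off + 8 * index)

    sections = []
    for i in range(nsections):
        name, _vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", blob, opt + opt_size + 40 * i)
        raw = blob[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_address": va, "raw_size": raw_size,
                         "entropy": round(shannon_entropy(raw), 2)})

    clr_rva, clr_size = directory(DIR_CLR_HEADER)
    import_rva, _ = directory(DIR_IMPORT)
    is_dotnet = bool(clr_rva and clr_size)
    hints = ["managed .NET assembly: dnSpy can decompile it" if is_dotnet
             else "native code: needs a disassembler, dnSpy will not open it"]
    if not import_rva:
        hints.append("no import table: probably packed, imports are resolved at runtime")
    for s in sections:
        if s["entropy"] > 7.0:
            hints.append("high-entropy section %s (%.2f): packed or encrypted" % (s["name"], s["entropy"]))
        if s["name"].upper().startswith("UPX"):
            hints.append("section name %s: UPX packer" % s["name"])
    return {"machine": MACHINES.get(machine, "0x%x" % machine), "bits": bits,
            "timestamp": timestamp,
            "compile_time": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
            "is_dotnet": is_dotnet, "has_imports": bool(import_rva),
            "sections": sections, "hints": hints}


def build_sample_pe(section_name: bytes, section_data: bytes, dotnet: bool, imports: bool) -> bytes:
    """Constructed minimal PE32 image for the demo: valid headers, not a loadable program."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)              # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0x5F000000, 0, 0, 224, 0x0102)
    dirs = [(0, 0)] * 16
    if imports:
        dirs[DIR_IMPORT] = (0x2000, 0x50)        # made-up RVAs: only presence is checked here
    if dotnet:
        dirs[DIR_CLR_HEADER] = (0x2008, 0x48)
    optional = (struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)
                + b"".join(struct.pack("<II", *d) for d in dirs))
    raw_ptr = 0x200
    section = struct.pack("<8sIIIIIIHHI", section_name.ljust(8, b"\0"), len(section_data),
                          0x1000, len(section_data), raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + optional + section
    return headers.ljust(raw_ptr, b"\0") + section_data


# Constructed samples: a plain .NET assembly and a UPX-style packed native binary.
SAMPLE_DOTNET = build_sample_pe(b".text", b"A" * 256 + b"\0" * 256, dotnet=True, imports=True)
_rng = random.Random(1337)   # seeded so the "packed" section is deterministic
SAMPLE_PACKED = build_sample_pe(b"UPX1", bytes(_rng.getrandbits(8) for _ in range(2048)),
                                dotnet=False, imports=False)

if __name__ == "__main__":
    for label, blob in (("dotnet", SAMPLE_DOTNET), ("packed", SAMPLE_PACKED)):
        info = triage_pe(blob)
        print(label, info["machine"], info["compile_time"], info["sections"])
        for hint in info["hints"]:
            print("  -", hint)
```

To use it on a real sample, replace the constructed blobs with `open(path, "rb").read()`. The hints are only heuristics: a legitimate installer can also have a high-entropy resource section, and a packer can keep a tiny import table, so treat them as reasons to look closer, not as a verdict.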


Yes, friends, with the tools above we now have enough information about the file we are going to examine. Now it is time to read the file's code; if the file is malicious, we will find out by reading it. I use the dnSpy program to read the code; you can use another program if you want. We drag the file onto dnSpy and it decompiles the entire code of the file. Keep in mind that dnSpy only decompiles .NET (managed) assemblies; for a native executable you need a disassembler instead.




NOTE: If the file we examine has been obfuscated or packed (compressed), the code cannot be read as it is. In that case we first deobfuscate or unpack it with the appropriate software, so that the code becomes readable.

We read all the code of the file, one piece at a time, using dnSpy. If we find malicious code while reading, we know what harm the program can do.

Reading the code like this is static analysis; in other words, by doing the steps above we have performed a static analysis. Now let's move on to how dynamic analysis is done.



How is Dynamic Analysis Done?

Dynamic analysis is the type of analysis done by running the file on a system and observing what it does there. For this you need Windows in a virtual machine, or the Sandboxie program. Never run the sample on your real machine, and take a snapshot of the virtual machine before running it so that you can restore it afterwards.

We run the file in our virtual Windows and watch what it does on the system. If applications you did not start appear running in the background without your permission, the file is very likely harmful.

Alternatively, we start Wireshark, then run the file and listen to the network. By watching the traffic in Wireshark we can see what the file does on the network, for example which hosts it connects to, and from that also learn whether it is harmful.
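Watching the process list and Wireshark by eye works for a first look, but it is easy to miss a short-lived process or a single connection. The following added example (not part of the original post) automates the two checks just described: it assumes you save the output of `tasklist /fo csv /nh` and `netstat -ano` on the VM before and after running the sample, then diffs the two snapshots, reports new processes, and lists new connections to hosts outside the lab network, attributed to the process that owns them. The snapshot text below is constructed; `invoice.exe` and the address 203.0.113.10 (an RFC 5737 documentation address standing in for a real command-and-control host) are made up for the demo.

```python
import csv
import io
import ipaddress

# Address ranges that belong to the lab itself; anything else counts as "external" here.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_tasklist_csv(text: str) -> dict:
    """Output of `tasklist /fo csv /nh` -> {pid: image name}."""
    procs = {}
    for row in csv.reader(io.StringIO(text.strip())):
        if len(row) >= 2:
            procs[int(row[1])] = row[0]
    return procs


def parse_netstat(text: str) -> set:
    """Output of `netstat -ano` -> set of (proto, local, remote, state, pid) tuples."""
    conns = set()
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue                      # header and blank lines
        if parts[0] == "TCP":
            proto, local, remote, state, pid = parts[0], parts[1], parts[2], parts[3], int(parts[4])
        else:                             # UDP rows have no state column
            proto, local, remote, state, pid = parts[0], parts[1], parts[2], "", int(parts[3])
        conns.add((proto, local, remote, state, pid))
    return conns


def is_local(endpoint: str) -> bool:
    """True for wildcard, loopback, link-local and lab (RFC 1918) addresses."""
    host = endpoint.rpartition(":")[0].strip("[]")
    if host in ("*", "", "0.0.0.0", "::"):
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False                      # a hostname: treat as external
    return ip.is_loopback or ip.is_link_local or any(ip in net for net in LOCAL_NETS)


def diff_snapshots(tasks_before: str, tasks_after: str, net_before: str, net_after: str) -> dict:
    before = parse_tasklist_csv(tasks_before)
    after = parse_tasklist_csv(tasks_after)
    # Compare (pid, name) pairs so a reused PID with a new image is still reported.
    new_procs = sorted(set(after.items()) - set(before.items()))
    new_conns = parse_netstat(net_after) - parse_netstat(net_before)
    external = []
    for proto, local, remote, state, pid in sorted(new_conns):
        if state == "LISTENING" or is_local(remote):
            continue
        external.append({"proto": proto, "pid": pid, "process": after.get(pid, "?"),
                         "remote": remote, "state": state})
    return {"new_processes": new_procs, "new_connections": sorted(new_conns),
            "external_connections": external}


# Constructed snapshots (the sample "invoice.exe" and 203.0.113.10 are made up for the demo).
TASKS_BEFORE = '''"System","4","Services","0","144 K"
"explorer.exe","4512","Console","1","84,212 K"
"svchost.exe","928","Services","0","12,004 K"
'''
TASKS_AFTER = TASKS_BEFORE + '''"invoice.exe","6120","Console","1","9,316 K"
"powershell.exe","6240","Console","1","41,880 K"
'''
NET_BEFORE = '''
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       928
  TCP    192.168.56.101:139     0.0.0.0:0              LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1840
'''
NET_AFTER = NET_BEFORE + '''  TCP    192.168.56.101:49701   203.0.113.10:4444      ESTABLISHED     6120
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       6120
  UDP    192.168.56.101:53412   *:*                                    6240
'''

if __name__ == "__main__":
    result = diff_snapshots(TASKS_BEFORE, TASKS_AFTER, NET_BEFORE, NET_AFTER)
    print("new processes:", result["new_processes"])
    for conn in result["external_connections"]:
        print("external connection:", conn)
```

The external-connection list is the part to cross-check with the Wireshark capture: the PID tells you which process opened the socket, which a packet capture alone cannot. The new-process diff is only a snapshot comparison, so a process that starts and exits between the two snapshots will not appear in it; Process Monitor or Sysmon logging covers that gap.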

In general, a simple malware analysis is done this way. You can learn about advanced malware analysis by doing further research; what I covered here is the basic, simple level. Good luck, and enjoy the forum.


## Hello,
I have started a new project in the Turkhackteam international forum section. In this project, I translate the topics from the Turkish Language Support section of the forum which I think are important for you. You can find the link to the translated topic under each of my posts. ##

### Source: Basit Malware Analizi / SeNZeRo ###
 