
Beginners guide to malware analysis

Hello, aspiring ethical hackers. In our previous blog post, you learnt in detail about malware. In this article, you will learn about malware analysis.

What is malware analysis?

Malware analysis is the process of examining the code of a virus to find out what it does, how it works, how it evades antivirus software, etc. This helps in the detection and prevention of the threat.

Importance of analyzing malware

Analyzing malware helps us understand the functionality of the malware, what it does when executed, the level of damage it causes after infection, etc. It also helps us understand how the malware infected our machine in the first place. Knowing these, better mitigation can be planned for the present and the future.

Types of malware analysis

There are a variety of techniques used to analyze malware. They are,

1. Static analysis:

In this type of analysis, the static properties of the virus are examined without actually executing it. This type of analysis helps us understand details like the nature of the malware, file names, IP addresses and domains, metadata, etc.

2. Dynamic analysis:

In this analysis, the virus is actually executed in a sandbox. A sandbox is an isolated and secure environment in which you can safely execute the code of the malware. Analyzing it this way is an improvement over static analysis, as we can see the malware in action. This helps us gather more information about the malware.
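What a dynamic run produces is a stream of observed behaviour (processes started, files written, registry keys set, network connections), and the analyst's job is to turn that stream into findings. The following is an added example, not code from the original post: a small Python triage script that parses a constructed sandbox event log (the log format and the values in it are made up for this illustration and do not come from any real sandbox product), maps events to behaviour categories such as persistence or dropped executables, collects the network indicators, and flags a run in which the sample exited almost immediately without doing anything, which is the pattern an anti-sandbox check produces.

```python
import re
from datetime import datetime

# Constructed sandbox event log for a hypothetical sample "invoice.exe".
# One event per line: <timestamp> <key=value> ...  (format invented for this example)
SANDBOX_LOG = """\
2024-05-01T10:00:00Z pid=1204 event=process_start image=C:\\Users\\lab\\invoice.exe
2024-05-01T10:00:01Z pid=1204 event=file_write path=C:\\Users\\lab\\AppData\\Roaming\\svchost.exe
2024-05-01T10:00:01Z pid=1204 event=registry_set key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater value=C:\\Users\\lab\\AppData\\Roaming\\svchost.exe
2024-05-01T10:00:02Z pid=1204 event=dns_query name=cdn-update.example.net
2024-05-01T10:00:02Z pid=1204 event=tcp_connect dst=203.0.113.45:8080
2024-05-01T10:00:03Z pid=1388 event=process_start image=C:\\Windows\\System32\\cmd.exe parent=1204
2024-05-01T10:00:09Z pid=1204 event=process_exit
"""

# Constructed log of a sample that starts and exits at once with no activity:
# the behaviour an anti-sandbox check produces when it decides it is being watched.
DORMANT_LOG = """\
2024-05-01T11:00:00Z pid=2210 event=process_start image=C:\\Users\\lab\\report.exe
2024-05-01T11:00:00Z pid=2210 event=process_exit
"""

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def parse_events(log_text):
    """Turn each log line into a dict with a parsed 'ts' plus the key=value fields."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if not parts:
            continue
        event = {"ts": datetime.strptime(parts[0], TS_FORMAT)}
        for field in parts[1:]:
            key, _, value = field.partition("=")
            event[key] = value
        events.append(event)
    return events


def classify(events):
    """Map raw events to behaviour findings as (category, detail) pairs, in log order."""
    findings = []
    for e in events:
        kind = e.get("event")
        if kind == "registry_set" and "currentversion\\run" in e.get("key", "").lower():
            findings.append(("persistence", e["key"]))          # autostart entry
        elif kind == "file_write" and e.get("path", "").lower().endswith(".exe"):
            findings.append(("dropped_executable", e["path"]))  # second-stage binary written
        elif kind == "dns_query":
            findings.append(("network_domain", e["name"]))
        elif kind == "tcp_connect":
            findings.append(("network_endpoint", e["dst"]))
        elif kind == "process_start" and "parent" in e:
            findings.append(("child_process", e["image"]))      # spawned helper process
    return findings


def looks_dormant(events, min_seconds=5):
    """True when the sample exited within min_seconds and produced no other events."""
    starts = [e for e in events if e.get("event") == "process_start"]
    exits = [e for e in events if e.get("event") == "process_exit"]
    if not starts or not exits:
        return False
    runtime = (exits[-1]["ts"] - starts[0]["ts"]).total_seconds()
    activity = [e for e in events if e.get("event") not in ("process_start", "process_exit")]
    return runtime < min_seconds and not activity


def report(log_text):
    """Full triage of one sandbox run: findings, extracted indicators, dormancy flag."""
    events = parse_events(log_text)
    findings = classify(events)
    domains = sorted({d for c, d in findings if c == "network_domain"})
    ips = sorted({d.split(":")[0] for c, d in findings if c == "network_endpoint"})
    return {
        "findings": findings,
        "domains": domains,
        "ips": ips,
        "dormant": looks_dormant(events),
    }


if __name__ == "__main__":
    for name, log in (("invoice.exe", SANDBOX_LOG), ("report.exe", DORMANT_LOG)):
        print(name, report(log))
```

The dormancy check is deliberately crude (short runtime and zero side effects); in practice it is the cue to move from plain dynamic analysis to the hybrid approach described below, i.e. go back to the code and find the check that made the sample stay quiet.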

3. Hybrid analysis:

Some types of advanced malware have protection mechanisms to prevent anyone from analyzing them. For example, an anti-sandbox feature tells the malware to stay dormant if it detects a sandbox. It is in cases like these that hybrid analysis becomes important. It combines both static and dynamic analysis to analyze the malware.
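The static-analysis section above lists what an analyst looks for without running the sample (file type, hashes, embedded IP addresses and domains), and this section adds the anti-sandbox checks that a hybrid approach has to spot in the code. The following is an added example serving both sections, not code from the original post: a Python static triage script that hashes a file, checks whether it carries a PE header, pulls printable strings, and from those strings extracts network indicators, autostart registry keys, and well-known anti-analysis indicators (virtual-machine and sandbox artifact names, debugger-detection API names). The sample bytes are constructed for the illustration, a PE-shaped header followed by strings an analyst would expect to see, and are not real malware; the indicator list is a starting set, not a complete one.

```python
import hashlib
import re
import struct

# Constructed stand-in for a suspicious file: MZ header, e_lfanew pointing at a
# "PE\0\0" signature at offset 0x80, then a few embedded strings. Not real malware.
SAMPLE = (
    b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x80) + b"\x00" * (0x80 - 64)
    + b"PE\x00\x00" + b"\x00" * 20
    + b"GET /update.php HTTP/1.1\x00Host: cdn-update.example.net\x00"
    + b"connect 203.0.113.45:8080\x00"
    + b"VBoxService.exe\x00IsDebuggerPresent\x00"
    + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
)

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|io|ru|info)\b", re.I)

# Strings whose presence suggests the sample checks for a sandbox, VM or debugger.
# Starting set only; a real engagement would use a much larger, maintained list.
ANTI_ANALYSIS_INDICATORS = [
    "VBoxService", "vmtoolsd", "SbieDll", "VirtualBox", "VMware", "QEMU",
    "IsDebuggerPresent", "CheckRemoteDebuggerPresent", "NtQueryInformationProcess",
]


def file_hashes(data):
    """MD5, SHA-1 and SHA-256 of the raw bytes, the identifiers used to share samples."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def is_pe(data):
    """True if the bytes have a DOS 'MZ' stub whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def extract_strings(data, min_len=4):
    """Printable ASCII runs of at least min_len characters, like the 'strings' tool."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def find_network_indicators(strings):
    ips, domains = set(), set()
    for s in strings:
        ips.update(IPV4_RE.findall(s))
        domains.update(d.lower() for d in DOMAIN_RE.findall(s))
    return sorted(ips), sorted(domains)


def find_anti_analysis(strings):
    """Indicator names (from ANTI_ANALYSIS_INDICATORS) that appear in any string."""
    hits = {ind for ind in ANTI_ANALYSIS_INDICATORS
            for s in strings if ind.lower() in s.lower()}
    return sorted(hits)


def find_persistence_keys(strings):
    """Registry paths that name a Run key, the most common autostart location."""
    return sorted(s for s in strings if "currentversion\\run" in s.lower())


def triage(data):
    """One-shot static triage report for a byte blob."""
    strings = extract_strings(data)
    ips, domains = find_network_indicators(strings)
    return {
        "hashes": file_hashes(data),
        "is_pe": is_pe(data),
        "string_count": len(strings),
        "ips": ips,
        "domains": domains,
        "anti_analysis": find_anti_analysis(strings),
        "persistence_keys": find_persistence_keys(strings),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

If `anti_analysis` comes back non-empty, a clean sandbox run that shows no activity should be treated as suspect rather than as proof the file is harmless; that is exactly the case where the static findings and the dynamic run have to be read together.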

Stages in analyzing malware

Analyzing malware has the following stages. They are,

1. Get malware sample:

Obviously, getting the malware sample is the first step if you want to analyze its code.

2. Build a lab to analyze malware:

The next step in analyzing the code of malware is the creation of an isolated and safe environment, without any risk of infection to the organization's network.

3. Performing static analysis:

The next step is to get the virus sample into the malware analysis lab and perform static analysis on it. As already learnt, this helps us understand the properties of the malware without executing it.

4. Performing automated analysis:

The next step is to use an automated tool to analyze the malware. This analysis can determine the potential risks if the malware infects a machine.

5. Manual code review:

In this stage, the code of the malware is reversed manually using debuggers, disassemblers and other specialized tools to understand its behavior.
