Malware Analysis Project

Table of Contents

• Introduction
• Tools Used
• Approach to Problem
• Learning Outcomes
• References

Introduction

The premise of this project is to demonstrate my knowledge in implementing countermeasures to protect information systems against malicious software (malware) attacks. Moreover, this project will include 4 different reports and each will be on a broad range of topics which will be displayed through static and dynamic analysis. The final reports will be linked in the References section.

Note: This project is part of the Malicious Code: Design & Defense course in which I received a combined final grade of 98.75% for these practicals.

Tools Used

Tools Used for All of the Reports:

1. Windows 10 ISO
2. Oracle VM VirtualBox
3. Windows 7 ISO

---

Tools Used for Report 1:

1. PEiD
2. TriDNet
3. HashMyFiles
4. CFF Explorer
5. BinText
6. Notepad++
7. Virus Total

---

Tools Used for Report 2:

1. API Miner
2. Process Monitor (ProcMon)
3. Exeinfo PE
4. Virus Total

Note: Some tools used in Report 1 was also used for this report.

---

Tools Used for Report 3:

1. IDA Pro
2. OllyDbg

---

Tools Used for Report 4:

1. IDA Pro
2. OllyDbg

---

Approach to Problem

Report 1

Please refer to report 1 in the references section for an in-depth information as it is a multi-step process.

---

Report 2

Please refer to report 2 in the references section for an in-depth information as it is a multi-step process.

---

Report 3

Please refer to report 3 in the references section for an in-depth information as it is a multi-step process.

---

Report 4

Please refer to report 4 in the references section an for in-depth information as it is a multi-step process.

Learning Outcomes

Learning Outcomes for Report 1:

1. Perform basic Static Analysis on the given malware samples.
2. Use tools discussed during lectures such as but not limited to, PEiD, TriDNet, HashMyFiles, CFF Explorer, BinText, Notepad++, etc.
3. Understand malware naming schemes and be able to figure out the malware type, platform it infects, malware family name and group name.
4. Be able to document and cite using IEEE and APA.
5. Be able to detect if a malware has a code signing certificate.

---

Learning Outcomes for Report 2:

1. Utilize tools that analyze malware statically and dynamically.
2. Be able to determine a malwares type, format, packed or unpacked, entropy, etc.
3. Be able to use API Miner and observer what kind of API calls were made during execution (Log observations).
4. Be able to explain the type of family, attributes and artifacts of the malware.
5. Be able to dynamically observe the strings of the malware.
6. Use tools such as ProcMon to observer changes within the system.

---

Learning Outcomes for Report 3:

1. Understand the usage of OllyDbg & IDA Pro.
2. Inspect and devise malicious code by inspecting assembly language.
3. Understand how malware achieve persistence through analysis of assembly code.

---

Learning Outcomes for Report 4:

1. Be able to perform advance dynamic analysis (running the code) with OllyDbg or IDA pro.
2. Able to set breakpoints and step through, over and into assembly code.
3. Able to read and follow assembly code register and be able to understand what is happening.

---

References

Report 1

Report 2

Report 3

Report 4