
Malware Analysis and Reverse Engineering

Introduction

This article provides a high-level overview of malware analysis and reverse engineering. If you are planning to get started with malware analysis and reverse engineering, this article is a good starting point: it covers what you need to know before you download that debugger and get your hands dirty reversing a malware sample. In this article, we will cover some of the fundamental aspects such as:

  • Introduction to malware analysis and reverse engineering
  • What you need to know to get started with malware analysis and reverse engineering
  • Common malware behavior
  • Common anti-analysis techniques used by malware

So let’s begin.

While some malware relies on common patterns, such as stealing files and connecting to a C&C server using Windows APIs, other malware exploits zero-days or a specific vulnerability to gain its foothold. Regardless of which techniques the malware uses, reverse engineering is one of the most common approaches to analyzing it.

It should be noted that reverse engineering is time-consuming, and it is known to be a complex subject — but only until you master it.

Things to note before we start:

  • You should remember that malware analysis should be done only on an isolated computer that is intended ONLY for analysis to avoid any infection. Virtual machines can be used for this purpose
  • Disconnect the machine from the internet if it is not required

What do you need to know to get started?

Understanding WinAPI

The majority of malware families target Microsoft Windows operating systems, for obvious reasons. Windows holds 78.43% of the desktop users market share worldwide, and thus it is a major target for malware authors. As a reverse engineer, it is important to understand Windows internals and commonly used Windows APIs in order to be able (Read more...)
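One concrete way the Windows API knowledge described above pays off during triage is the sample's import table: before any debugger is attached, the imported API names already hint at the behaviours the article mentions earlier (file theft, C&C networking). The following is an added example, not code from the original post or from Infosec Resources; it is a minimal PE32/PE32+ import-table parser written with the Python standard library only, plus a builder that constructs a tiny, non-executable PE image in memory so the parser can be run offline. The sample import list, section layout, and the `API_HINTS` mapping are constructed for illustration and are deliberately small, not an exhaustive list of suspicious APIs.

```python
import struct

# Constructed sample: which DLLs and functions the fake image "imports".
SAMPLE_IMPORTS = {
    "KERNEL32.dll": ["CreateFileW", "ReadFile", "FindFirstFileW"],
    "WININET.dll": ["InternetOpenA", "InternetConnectA"],
}

# Illustrative (not exhaustive) mapping from API names to behaviours the article names.
API_HINTS = {
    "file access": {"CreateFileW", "CreateFileA", "ReadFile", "FindFirstFileW", "FindNextFileW"},
    "network / C&C": {"InternetOpenA", "InternetOpenW", "InternetConnectA",
                      "HttpSendRequestA", "WSAStartup", "connect", "send"},
}


def build_sample_pe(imports, section_rva=0x1000, section_raw=0x200):
    """Build a minimal PE32 file (headers + one .idata section) that only carries an import table."""
    data = bytearray(20 * (len(imports) + 1))  # IMAGE_IMPORT_DESCRIPTOR array, last one all-zero
    descs = []
    for dll, funcs in imports.items():
        name_rvas = []
        for func in funcs:  # IMAGE_IMPORT_BY_NAME: WORD hint, then NUL-terminated name
            name_rvas.append(section_rva + len(data))
            data += struct.pack("<H", 0) + func.encode("ascii") + b"\x00"
            data += b"\x00" * (len(data) % 2)
        dll_rva = section_rva + len(data)
        data += dll.encode("ascii") + b"\x00"
        data += b"\x00" * (-len(data) % 4)
        int_rva = section_rva + len(data)  # import name table (OriginalFirstThunk)
        data += b"".join(struct.pack("<I", r) for r in name_rvas) + struct.pack("<I", 0)
        iat_rva = section_rva + len(data)  # import address table (FirstThunk), identical on disk
        data += b"".join(struct.pack("<I", r) for r in name_rvas) + struct.pack("<I", 0)
        descs.append((int_rva, dll_rva, iat_rva))
    for i, (int_rva, dll_rva, iat_rva) in enumerate(descs):
        struct.pack_into("<IIIII", data, i * 20, int_rva, 0, 0, dll_rva, iat_rva)

    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)  # i386, 1 section, PE32 optional header
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)       # PE32 magic
    struct.pack_into("<I", opt, 92, 16)         # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8, section_rva, 20 * (len(imports) + 1))  # data dir[1] = imports
    sec = struct.pack("<8sIIIIIIHHI", b".idata\x00\x00", len(data), section_rva,
                      len(data), section_raw, 0, 0, 0, 0, 0xC0000040)
    headers = dos + b"PE\x00\x00" + coff + opt + sec
    return bytes(headers + b"\x00" * (section_raw - len(headers)) + data)


def parse_imports(pe):
    """Return {dll_name: [function names or '#ordinal', ...]} from a PE32 or PE32+ image."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:    # PE32: data directories at +96, 32-bit thunks
        dd_off, thunk_fmt, ord_flag = 96, "<I", 1 << 31
    elif magic == 0x20B:  # PE32+: data directories at +112, 64-bit thunks
        dd_off, thunk_fmt, ord_flag = 112, "<Q", 1 << 63
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    imp_rva = struct.unpack_from("<II", pe, opt + dd_off + 8)[0]

    sections = []
    for i in range(n_sections):  # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", pe, opt + opt_size + i * 40 + 8)
        sections.append((vaddr, max(vsize, rawsize), rawptr))

    def rva_to_offset(rva):
        for vaddr, size, rawptr in sections:
            if vaddr <= rva < vaddr + size:
                return rawptr + (rva - vaddr)
        raise ValueError("RVA 0x%x not backed by any section" % rva)

    def cstring(off):
        return pe[off:pe.index(b"\x00", off)].decode("ascii", "replace")

    result = {}
    if imp_rva == 0:
        return result  # no import directory at all (packed or stripped image)
    desc = rva_to_offset(imp_rva)
    while True:
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", pe, desc)
        if name_rva == 0:
            break  # all-zero terminator descriptor
        thunk = rva_to_offset(oft or ft)  # prefer the name table, fall back to the IAT
        funcs = []
        while True:
            entry = struct.unpack_from(thunk_fmt, pe, thunk)[0]
            if entry == 0:
                break
            funcs.append("#%d" % (entry & 0xFFFF) if entry & ord_flag else cstring(rva_to_offset(entry) + 2))
            thunk += struct.calcsize(thunk_fmt)
        result[cstring(rva_to_offset(name_rva))] = funcs
        desc += 20
    return result


def triage(imports):
    """Group imported APIs by the behaviour categories in API_HINTS (dll!function labels)."""
    found = {}
    for dll, funcs in imports.items():
        for func in funcs:
            for category, names in API_HINTS.items():
                if func in names:
                    found.setdefault(category, set()).add("%s!%s" % (dll, func))
    return found


if __name__ == "__main__":
    image = build_sample_pe(SAMPLE_IMPORTS)
    for category, apis in sorted(triage(parse_imports(image)).items()):
        print("%-14s %s" % (category, ", ".join(sorted(apis))))
```

To run the parser against a real file, read it with `open(path, "rb").read()` and pass the bytes to `parse_imports`; the builder exists only so the example is self-contained. An empty or missing import directory is itself a signal worth noting during triage, since packed samples often resolve their real imports at runtime.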

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Srinivas. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/mPCJ4OYist0/