Malware
Steps to learning malware and how it behaves
Last updated
I should preface this by saying that a lot of this information is changing and still new to me, as I am a student of this as well. I have found a lot of help from many places, including . The developers have great people over there and are extremely dedicated to their craft. Another notable shout-out is ; they are great for learning about in-the-wild malware and live demos. I should also say that everything you test and develop should be tested in a VM and with caution. One great distro made for reverse engineering malware is .
There are many different languages you can write malware in, the most common being C, C++, and C#. C and C++ compile straight to native code and give direct access to memory and the Win32 API, which is why most of the samples you will analyze are written in them; C# is popular because it sits on top of .NET and still reaches the Windows APIs easily, although it runs on a managed runtime rather than directly on the hardware. To get started with malware, you first need to learn C. Some places that have helped me are , , and .
The first step in understanding malware is recognizing that the subject has two sides: creating it and analyzing it. Creation consists of writing the malware and executing it. In practice you will be testing and refining your code while you are still writing it, and most people test their code thoroughly before actually publishing it.
Before we start on the analysis side of things, it is important to understand the different kinds of analysis. There are several ways to analyze and look at malware:
Static Analysis
Static analysis examines the file without running it. In our case the samples are Windows executables, and the structure to read is the Portable Executable (PE) format, which Windows uses to describe executable (image) files and object files: the DOS and PE headers, the section table, the import and export tables, and so on. These files are referred to as PE files. Reading the headers tells you the target architecture, the entry point, which sections are executable or writable, and which APIs the file imports, all before a single instruction of the sample runs.
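The kind of static triage described above, as an added example (not code from this page or any tool it mentions): it walks the DOS header, PE signature, COFF header, optional header and section table with nothing but `struct`, computes per-section entropy, and flags sections that are both writable and executable or look packed. The PE image it parses is constructed in memory with an assumed UPX-style layout, so the whole thing runs offline; field offsets come from the PE/COFF specification.

```python
"""Minimal static PE triage: headers, section table, entropy, first-look findings.
Added example; the sample image below is built in memory and is not a real binary."""
import math
import random
import struct
from collections import Counter

# Section characteristic bits from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
HIGH_ENTROPY = 7.0  # common heuristic threshold for "probably packed or encrypted"


def shannon_entropy(buf):
    """Bits per byte: 0.0 for constant data, close to 8.0 for random or compressed data."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def parse_pe(data):
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]          # offset of the PE header
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, _ts, _sym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:                                       # ImageBase is 4 bytes at +28
        is_64, image_base = False, struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == PE32PLUS_MAGIC:                                 # ImageBase is 8 bytes at +24
        is_64, image_base = True, struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    entry = struct.unpack_from("<I", data, opt + 16)[0]           # AddressOfEntryPoint (RVA)
    sections, findings, entry_section = [], [], None
    for i in range(nsect):
        off = opt + opt_size + i * 40                             # section headers are 40 bytes each
        (name, vsize, va, raw_size, raw_ptr,
         _rel, _lin, _nrel, _nlin, chars) = struct.unpack_from("<8sIIIIIIHHI", data, off)
        name = name.rstrip(b"\0").decode("ascii", "replace")
        entropy = shannon_entropy(data[raw_ptr:raw_ptr + raw_size])
        flags = []
        if chars & IMAGE_SCN_MEM_EXECUTE and chars & IMAGE_SCN_MEM_WRITE:
            flags.append("W+X")
            findings.append(f"section {name} is writable and executable")
        if entropy > HIGH_ENTROPY:
            flags.append("high-entropy")
            findings.append(f"section {name} has entropy {entropy:.2f}, likely packed or encrypted")
        if va <= entry < va + max(vsize, raw_size):
            entry_section = name
        sections.append({"name": name, "va": va, "vsize": vsize, "raw_offset": raw_ptr,
                         "raw_size": raw_size, "entropy": entropy, "flags": flags})
    if entry_section is None:
        findings.append(f"entry point 0x{entry:x} lies outside every section")
    return {"machine": machine, "is_64bit": is_64, "image_base": image_base,
            "entry_point": entry, "entry_section": entry_section,
            "sections": sections, "findings": findings}


def build_sample_pe():
    """Constructed PE32 image: a normal .text and .data plus a UPX-style writable,
    executable, high-entropy section that holds the entry point (assumed layout)."""
    rng = random.Random(1)
    text = b"\x55\x8b\xec\x90" * 128                               # 512 bytes, four distinct bytes
    data_sec = b"\x00" * 512                                        # zero-filled .data
    packed = bytes(rng.randrange(256) for _ in range(1024))         # deterministic "packed" blob
    layout = [(b".text", 0x1000, text, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
              (b".data", 0x2000, data_sec, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
              (b"UPX1", 0x3000, packed, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE
                                          | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)]
    file_align = 0x200
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                          # e_lfanew: PE header follows DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, 96, 0x0102)  # i386, EXECUTABLE|32BIT
    opt = bytearray(96)                                             # PE32 optional header, no data directories
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 16, 0x3000)                         # AddressOfEntryPoint -> inside UPX1
    struct.pack_into("<I", opt, 28, 0x400000)                       # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, file_align)            # SectionAlignment, FileAlignment
    headers, body, raw_ptr = bytes(dos) + b"PE\0\0" + coff + bytes(opt), b"", file_align
    for name, va, content, chars in layout:
        headers += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(content), va,
                               len(content), raw_ptr, 0, 0, 0, 0, chars)
        body, raw_ptr = body + content, raw_ptr + len(content)
    return headers.ljust(file_align, b"\0") + body


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print(f"machine=0x{info['machine']:x} base=0x{info['image_base']:x} "
          f"entry=0x{info['entry_point']:x} ({info['entry_section']})")
    for s in info["sections"]:
        print(f"  {s['name']:<8} va=0x{s['va']:05x} raw=0x{s['raw_offset']:04x}+0x{s['raw_size']:04x} "
              f"entropy={s['entropy']:.2f} {' '.join(s['flags'])}")
    for f in info["findings"]:
        print("  !", f)
```

Point `parse_pe` at the bytes of any real PE and it produces the same report. The two heuristics it applies are exactly what you look at first on a suspicious sample: a section that is both writable and executable, and a section with entropy near 8 that also contains the entry point, is the signature of a packer unpacking itself at run time, which tells you static analysis alone will not get you far and you should move on to dynamic or memory analysis.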
Dynamic Analysis
Dynamic analysis (also called behaviour analysis) runs the sample and records what it actually does. To do this we built a sandbox and ran both malicious and benign samples through it; the behaviour recorded includes registry operations, file operations, API calls, DLLs loaded, mutex information, and so on. Having clean samples alongside the malicious ones matters, because it shows which of those behaviours actually distinguish the malware.
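A sandbox hands you a raw API-call trace; the useful part is turning it into the behaviour categories listed above and pulling out indicators. The script below does that, as an added example that is not this page's sandbox or any real sandbox's output format: the trace format (one call per line, API name, a tab, then `;`-separated arguments), the table mapping API names to categories, and the sample trace of a dropper-style sample are all constructed for the example.

```python
"""Summarise a constructed sandbox API trace into behaviour buckets and indicators.
Added example; the trace format and API table are assumptions, not a real sandbox's."""
import re
from collections import defaultdict

# Assumed mapping of Win32 API names to behaviour buckets (small illustrative subset).
API_CATEGORIES = {
    "registry": {"RegOpenKeyExW", "RegCreateKeyExW", "RegSetValueExW",
                 "RegQueryValueExW", "RegDeleteValueW"},
    "file": {"CreateFileW", "WriteFile", "ReadFile", "DeleteFileW", "CopyFileW"},
    "dll": {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExW"},
    "mutex": {"CreateMutexA", "CreateMutexW", "OpenMutexW"},
}
# A value written under HKCU/HKLM ...\CurrentVersion\Run or RunOnce starts at logon.
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
NETWORK_DLLS = {"wininet.dll", "winhttp.dll", "ws2_32.dll"}

# Constructed trace of a dropper-style sample; not output from any real sandbox run.
SAMPLE_TRACE = """\
LoadLibraryW\tkernel32.dll
CreateMutexW\tGlobal\\Sample-Mutex-1337
CreateFileW\tC:\\Users\\victim\\AppData\\Roaming\\svc.exe;GENERIC_WRITE
WriteFile\tC:\\Users\\victim\\AppData\\Roaming\\svc.exe;4096
RegCreateKeyExW\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
RegSetValueExW\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc;C:\\Users\\victim\\AppData\\Roaming\\svc.exe
LoadLibraryW\twininet.dll
InternetOpenW\tMozilla/5.0
"""


def category_of(api):
    """Bucket an API name; anything not in the table is still recorded as a plain API call."""
    for cat, names in API_CATEGORIES.items():
        if api in names:
            return cat
    return "other"


def parse_trace(text):
    """Yield (api, [args]) per non-empty line. Malformed lines are skipped, not guessed at."""
    for line in text.splitlines():
        if not line.strip():
            continue
        api, _, rest = line.partition("\t")
        yield api.strip(), [a for a in rest.split(";") if a]


def summarize_trace(text):
    """Return {'behaviours': {category: [first argument or API name]}, 'indicators': [...]}."""
    behaviours = defaultdict(list)
    indicators = []
    written = set()                                   # report each dropped file once
    for api, args in parse_trace(text):
        cat = category_of(api)
        first = args[0] if args else ""
        behaviours[cat].append(first if cat != "other" else api)
        if cat == "registry" and api.startswith("RegSet") and RUN_KEY.search(first):
            indicators.append(f"persistence: Run key value set at {first}")
        elif cat == "file" and api == "WriteFile" and first not in written:
            written.add(first)
            indicators.append(f"file written: {first}")
        elif cat == "dll" and first.lower() in NETWORK_DLLS:
            indicators.append(f"network capability: {first} loaded")
        elif cat == "mutex" and api.startswith("CreateMutex"):
            indicators.append(f"single-instance mutex created: {first}")
    return {"behaviours": dict(behaviours), "indicators": indicators}


if __name__ == "__main__":
    report = summarize_trace(SAMPLE_TRACE)
    for cat, items in report["behaviours"].items():
        print(f"{cat:<9}", items)
    for ind in report["indicators"]:
        print("!", ind)
```

Running the same summary over a benign sample's trace is how you tell a generic behaviour (loading `kernel32.dll`, reading the registry) from a suspicious one: a file dropped into the user profile, a `Run` key pointing at it, a named mutex, and a networking DLL loaded right before the first HTTP call is a pattern clean software rarely shows in that combination.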
Code Analysis
Reversing the code itself with a debugger, a disassembler, and a decompiler: stepping through the sample as it runs, reading its instructions, and reconstructing higher-level logic from them.
Memory Analysis
Dump the whole memory of the running system (or of a single process) and inspect the processes and handles in it. Memory analysis can reveal rootkits, hidden processes, and the encryption key a ransomware sample holds in memory while it runs.
Each of the analysis methods has its benefits and drawbacks, but using them together lets you reverse engineer a sample and see how it operates. We will go into detail later about the different tools and techniques; you will learn more when you view the Analysis tab.
Sources
As stated before, the most common way to create malware is using the C language. To get started, you need at least a surface-level understanding of C and how it works. For that, I will point you to , , and . I will not be teaching you C because, well, there are other people out there who are way better at it than me. Once you have at least a surface-level understanding, you can look under Malware creation.