
Malware analysis, a beginning







"Nothing is 100% secure" is the quote that we always follow. We are all at risk from modern-day security threats, and malware is the biggest reason for it. The threats keep evolving, yet practitioners are still in demand. Today we'll discuss how a passionate security geek can become a malware analyst.


What is malware analysis?


Malware analysis is the study or process of determining the functionality, origin and potential impact of a given malware sample, such as a virus, worm, trojan horse, rootkit or backdoor. ... Malware may include software that gathers user information without permission.

What skills are required?

To become a malware analyst and work in the industry you should meet the minimum skill requirements of the security domain: a person must have good knowledge of security concepts, networking and domain experience, and lastly a good understanding of the following computer languages:

C/C++
Assembly
Java etc.

Now, assembly is the most in-demand language to get started in malware hunting. It is a low-level language that interacts directly with the computer hardware; these days people mainly prefer x86 programming over x64, and it is quite popular as well. Looking at the modern threat list, if you don't have fundamental knowledge of assembly programming, modern malware hunting becomes a bit difficult. East or West, malware analysts should be good at programming and computer architecture to do their best. A malware analyst works closely with the security team, infosec analysts, architects and the IR team. They have good incident response capabilities and can also examine zero-days that are new in the market. To become a good threat hunter, study and practice are necessary. Malware analysis is a bit difficult, so if you don't follow safety measures, your corporate data and laptop can be fully compromised by the infection. So people should practise in labs and conduct examinations in a sandbox or VM only, and if you are in the static analysis phase, follow the same rule: if you are trying to be smart, don't forget that the malware can be much smarter while you are in the starting phase of hunting and examination. Always be careful while analysing a malware sample or a real-world infection. There are particular questions which you should ask yourself while conducting analysis:


1. What kind of file is this?

2. Is any information already known about it?

3. What do the embedded strings tell about it?

4. Is there anything unusual in the PE header?

5. Is it packed? If so, what packer?
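As an added example that is not part of the original post, the Python script below works through questions 1, 3, 4 and 5 of that checklist on a constructed toy PE image (a plain .text section next to a near-random section named UPX1): it checks the MZ and PE signatures, pulls printable strings, parses the section table and applies two common packing heuristics. The sample bytes, the example.invalid URL, the KNOWN_SECTIONS list and the 7.0 entropy threshold are all assumptions made for this demo.

```python
import math, re, struct
from collections import Counter

KNOWN_SECTIONS = {".text", ".data", ".rdata", ".rsrc", ".reloc", ".bss", ".idata", ".edata", ".pdata", ".tls"}  # linker defaults

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniform bytes; compressed or encrypted code sits near 8."""
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values()) if data else 0.0

def extract_strings(data: bytes, min_len: int = 5) -> list:
    """Q3: printable ASCII runs (URLs, paths, messages) that hint at what the code does."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def parse_pe_sections(data: bytes) -> list:
    """Q1/Q4: confirm the MZ and PE signatures, then read the section table behind the COFF header."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: MZ signature missing")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]            # DOS header field pointing at "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("MZ stub present but PE signature missing")
    coff = e_lfanew + 4                                             # 20-byte COFF file header
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                                    # section table follows the optional header
    sections = []
    for i in range(num_sections):                                   # each section header is 40 bytes
        name, vsize, _va, rsize, rptr = struct.unpack_from("<8sIIII", data, table + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "virtual_size": vsize,
                         "raw_size": rsize, "entropy": round(shannon_entropy(data[rptr:rptr + rsize]), 2)})
    return sections

def packing_indicators(sections: list) -> list:
    """Q5: two packer heuristics, section names a linker would not emit and sections of near-random bytes."""
    odd = [f"non-standard section name {s['name']!r}" for s in sections if s["name"] not in KNOWN_SECTIONS]
    dense = [f"{s['name']!r} has entropy {s['entropy']}, likely compressed or encrypted"
             for s in sections if s["entropy"] > 7.0]
    return odd + dense

def build_sample_pe() -> bytes:
    """Constructed toy PE for this demo, not a real sample: a plain .text section and a 'UPX1' section."""
    text = b"Hello from analyst lab\0http://example.invalid/update\0".ljust(0x200, b"\0")
    packed = bytes(range(256)) * 2                                  # every byte value twice: entropy exactly 8.0
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x0102)    # i386, two sections, no optional header
    start = 0x40 + 4 + 20 + 2 * 40                                  # raw data begins right after the section table
    def sect(name, body, va, ptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, len(body), va, len(body), ptr, 0, 0, 0, 0, flags)
    return (dos + b"PE\0\0" + coff + sect(b".text", text, 0x1000, start, 0x60000020)
            + sect(b"UPX1", packed, 0x2000, start + len(text), 0xE0000040) + text + packed)
```

Running parse_pe_sections and packing_indicators over build_sample_pe() flags only the UPX1 section, on both its name and its 8.0 entropy, while the .text section passes; real samples need the same checks plus a look at the imports and the known-packer signatures the post leaves for its next part.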


If you don't know what embedded strings and the PE header are, then just as an overview: they can bring out underlying information about the malware, and so on. We will discuss them briefly in our next blog. So, this is it for today: the basic skills a person needs to get started in malware analysis.

#aioc #allinonecyberteam #malware



Written by 

Syan Kr.Dey
