Advanced Malware Analysis

Book Description

A one-of-a-kind guide to setting up a malware research lab, using cutting-edge analysis tools, and reporting the findings

Advanced Malware Analysis is a critical resource for every information security professional's anti-malware arsenal. The proven troubleshooting techniques will give an edge to information security professionals whose job involves detecting, decoding, and reporting on malware.

After explaining malware architecture and how it operates, the book describes how to create and configure a state-of-the-art malware research lab and gather samples for analysis. Then, you’ll learn how to use dozens of malware analysis tools, organize data, and create metrics-rich reports.

  • A crucial tool for combating malware, which currently strikes somewhere in the world every second
  • Filled with undocumented methods for customizing dozens of analysis software tools for very specific uses
  • Leads you through a malware blueprint first, then lab setup, and finally analysis and reporting activities
  • Every tool explained in this book is available in every country around the world

Table of Contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Dedication
  5. Contents at a Glance
  6. Contents
  7. Foreword
  8. Acknowledgments
  9. Introduction
  10. Part I Malware Blueprint
    1. Chapter 1 Malware Analysis 101
      1. Malware Analysis
        1. Malware Analysis and Reverse Engineering
        2. Types of Malware Analysis
        3. Purpose of Malware Analysis
        4. Limitations of Malware Analysis
        5. The Malware Analysis Process
      2. The Effective Malware Analyst
        1. Familiarization with Malware
        2. Familiarization with Analysis Tools
        3. Patience
      3. Recap
    2. Chapter 2 Malware Taxonomy
      1. Malware Classes
        1. Infectors
        2. Network Worms
        3. Trojan Horse
        4. Backdoors
        5. Remote-Access Trojan
        6. Information Stealers
        7. Ransomware
        8. Scareware
        9. Fakeware
        10. Greyware
      2. Recap
    3. Chapter 3 Malware Deployment
      1. Malware Infection Vectors
        1. Speed
        2. Stealth
        3. Coverage
        4. Shelf Life
      2. Types of Malware Infection Vectors
        1. Physical Media
        2. E-mails
        3. Instant Messaging and Chat
        4. Social Networking
        5. URL Links
        6. File Shares
        7. Software Vulnerabilities
      3. Potential Infection Vectors
      4. Recap
    4. Chapter 4 Protective Mechanisms
      1. The Two States of Malware
        1. Static Malware
        2. Dynamic Malware
      2. Protective Mechanisms
        1. Static Malware Protective Mechanisms
        2. Dynamic Malware Protective Mechanisms
      3. Recap
    5. Chapter 5 Malware Dependencies
      1. Dependency Types
        1. Environment Dependencies
        2. Program Dependencies
        3. Timing Dependencies
        4. Event Dependencies
        5. User Dependencies
        6. File Dependencies
      2. Recap
  11. Part II Malware Research Lab
    1. Chapter 6 Malware Collection
      1. Your Own Backyard
        1. Scan for Malicious Files
        2. Look for Active Rootkits
        3. Inspect Startup Programs
        4. Inspect Running Processes
        5. Extract Suspicious Files
      2. Free Sources
        1. Contagio
        2. KernelMode.info
        3. MalShare.com
        4. Malware.lu
        5. Malware Blacklist
        6. Malwarebytes Forum
        7. Malekal’s Forum
        8. Open Malware
        9. Tuts4You
        10. VirusShare.com
        11. VX Heaven
        12. Malware Trackers
      3. Research Mailing Lists
      4. Sample Exchange
      5. Commercial Sources
      6. Honeypots
        1. Dionaea
      7. Recap
      8. Tools
    2. Chapter 7 Static Analysis Lab
      1. The Static Analysis Lab
        1. Host File Inspection Tools
        2. Mitigate Possible Infection
        3. Mitigate Becoming a Malware Staging Point
        4. Anonymous Communication
      2. Setting Up the Lab
        1. Choose the Hardware
        2. Install the Operating System
        3. Harden the Lab
        4. Anonymize the Lab
        5. Isolate the Lab
      3. The Virtualized Static Analysis Lab
      4. Backing Up and Restoring
      5. Recap
      6. Tools
    3. Chapter 8 Dynamic Analysis Lab
      1. Setting Up the Lab
        1. Choose the Hardware
        2. Install the Operating System
        3. Make the Lab Malware Friendly
        4. Anonymize the Lab
        5. Isolate the Lab
      2. Restoring to a Clean State
        1. Virtualized Environment Clean State Restoration
        2. Bare-Metal Environment Clean State Restoration
      3. Backing Up and Restoring
        1. The Golden Image
        2. Host OS
        3. Other Systems Supporting the Lab
      4. Recap
      5. Tools
  12. Part III Malware Inspection
    1. Chapter 9 The Portable Executable File
      1. The Windows Portable Executable File
        1. The PE File Format
        2. Relative Virtual Address
        3. PE Import Functions
        4. PE Export Functions
        5. 64-Bit PE File Format
      2. Recap
      3. Tools
    2. Chapter 10 The Proper Way to Handle Files
      1. File’s Analysis Life Cycle
        1. Transfer
        2. Analysis
        3. Storage
      2. Recap
      3. Tools
    3. Chapter 11 Inspecting Static Malware
      1. Static Analysis Techniques
        1. ID Assignment
        2. File Type Identification
        3. Antivirus Detection
        4. Protective Mechanisms Identification
        5. PE Structure Verification
        6. Strings Analysis
      2. Recap
      3. Tools
    4. Chapter 12 Inspecting Dynamic Malware
      1. Virtual vs. Bare Metal
      2. Dynamic Analysis
        1. Analyzing Host Behavior
        2. Analyzing Network Behavior
      3. Dynamic Analysis Limitations
      4. Recap
      5. Tools
    5. Chapter 13 Tools of the Trade
      1. Malware Analysis Use Cases
      2. Malware Analyst Toolbox
      3. Tools of the Trade
        1. Sysinternals Suite
        2. Yara
        3. Cygwin
        4. Debuggers
        5. Disassemblers
        6. Memory Dumpers
        7. PE Viewers
        8. PE Reconstructors
        9. Malcode Analyst Pack
        10. Rootkit Tools
        11. Network Capturing Tools
        12. Automated Sandboxes
        13. Free Online Automated Sandbox Services
      4. Recap
      5. Tools
  13. Part IV Appendixes
    1. Appendix A Tools List
    2. Appendix B List of Laboratories
    3. Appendix C Volatility Framework Basic Plug-ins
  14. Index