Practical Malware Analysis by Andrew Honig, Michael Sikorski

Static Analysis in Practice

Now that you understand the basics of static analysis, let’s examine some real malware. We’ll look at a potential keylogger and then a packed program.

PotentialKeylogger.exe: An Unpacked Executable

Table 1-2 shows an abridged list of functions imported by PotentialKeylogger.exe, as collected using Dependency Walker. Because we see so many imports, we can immediately conclude that this file is not packed.

Table 1-2. An Abridged List of DLLs and Functions Imported from PotentialKeylogger.exe

Kernel32.dll        User32.dll            User32.dll (continued)
CreateDirectoryW    BeginDeferWindowPos   ShowWindow
CreateFileW         CallNextHookEx        ToUnicodeEx
CreateThread        CreateDialogParamW    TrackPopupMenu
DeleteFileW         CreateWindowExW       TrackPopupMenuEx
ExitProcess         DefWindowProcW        ...
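To make the "so many imports, therefore not packed" reasoning concrete, here is an added Python example; it is not code from the book or from Dependency Walker. It walks a PE file's import directory the way an import viewer does, then applies the rule of thumb from the text: a rich import table argues against packing, while a nearly empty one is what a packed sample usually presents. The PE layout it parses is the documented one; build_sample_pe(), the function lists (taken from Table 1-2) and the 10-import cut-off are constructed test inputs and assumptions, not figures from the book.

```python
# Added example, not the book's code: a minimal walker for a PE import directory
# plus the "many imports => probably not packed" rule of thumb used in the text.
# build_sample_pe() only constructs test input; FEW_IMPORTS is an assumed cut-off.
import struct

IMPORT_DIR_INDEX = 1                     # IMAGE_DIRECTORY_ENTRY_IMPORT
ORDINAL_FLAG = {4: 1 << 31, 8: 1 << 63}  # IMAGE_ORDINAL_FLAG32 / IMAGE_ORDINAL_FLAG64
FEW_IMPORTS = 10                         # assumed threshold for "suspiciously few"

# The abridged rows of Table 1-2, used here as sample input.
TABLE_1_2 = {
    "Kernel32.dll": ["CreateDirectoryW", "CreateFileW", "CreateThread", "DeleteFileW", "ExitProcess"],
    "User32.dll": ["BeginDeferWindowPos", "CallNextHookEx", "CreateDialogParamW", "CreateWindowExW",
                   "DefWindowProcW", "ShowWindow", "ToUnicodeEx", "TrackPopupMenu", "TrackPopupMenuEx"],
}


def parse_imports(data):
    """Return an ordered {dll_name: [function_name, ...]} map from raw PE bytes."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, ..., SizeOfOptionalHeader, Characteristics
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    thunk_size = 8 if struct.unpack_from("<H", data, opt)[0] == 0x20B else 4  # PE32+ vs PE32
    dirs = opt + (112 if thunk_size == 8 else 96)             # first IMAGE_DATA_DIRECTORY
    imp_rva = struct.unpack_from("<I", data, dirs + 8 * IMPORT_DIR_INDEX)[0]
    sections = [struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i) for i in range(nsec)]

    def rva_to_off(rva):  # map an RVA to a file offset through the section table
        for _, vsize, va, rawsize, raw in sections:
            if va <= rva < va + max(vsize, rawsize):
                return rva - va + raw
        raise ValueError("RVA 0x%x is outside every section" % rva)

    def cstring(off):
        return data[off:data.index(b"\0", off)].decode("ascii")

    imports, off = {}, rva_to_off(imp_rva)
    while True:  # IMAGE_IMPORT_DESCRIPTOR array, ended by an all-zero entry
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", data, off)
        if name_rva == 0:
            break
        funcs, thunk = [], rva_to_off(oft or ft)  # prefer the INT, fall back to the IAT
        while True:
            entry = int.from_bytes(data[thunk:thunk + thunk_size], "little")
            if entry == 0:
                break
            if entry & ORDINAL_FLAG[thunk_size]:
                funcs.append("ordinal#%d" % (entry & 0xFFFF))
            else:  # IMAGE_IMPORT_BY_NAME: WORD hint, then the NUL-terminated name
                funcs.append(cstring(rva_to_off(entry) + 2))
            thunk += thunk_size
        imports[cstring(rva_to_off(name_rva))] = funcs
        off += 20
    return imports


def packing_verdict(imports):
    """The text's heuristic: a rich import table argues against packing, while a
    tiny one (classically just LoadLibrary/GetProcAddress) is a packer's signature."""
    total = sum(len(f) for f in imports.values())
    label = "possibly packed" if total < FEW_IMPORTS else "probably not packed"
    return "%s (%d imports)" % (label, total)


def build_sample_pe(imports):
    """Construct a minimal PE32 file whose single section holds only an import
    table for `imports` ({dll: [name or ordinal int, ...]}). Test input only."""
    sec_rva, sec_off = 0x1000, 0x200
    body = bytearray(20 * (len(imports) + 1))        # descriptors + null terminator
    for i, (dll, funcs) in enumerate(imports.items()):
        thunks = len(body)
        body += bytes(4 * (len(funcs) + 1))          # one thunk array, used as INT and IAT
        for j, f in enumerate(funcs):
            if isinstance(f, int):                   # import by ordinal
                struct.pack_into("<I", body, thunks + 4 * j, ORDINAL_FLAG[4] | f)
                continue
            struct.pack_into("<I", body, thunks + 4 * j, sec_rva + len(body))
            body += struct.pack("<H", 0) + f.encode() + b"\0"   # hint + name
        name = len(body)
        body += dll.encode() + b"\0"
        struct.pack_into("<IIIII", body, 20 * i, sec_rva + thunks, 0, 0, sec_rva + name, sec_rva + thunks)
    opt = bytearray(224)                                        # IMAGE_OPTIONAL_HEADER32
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)  # ImageBase, alignments
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMPORT_DIR_INDEX, sec_rva, 20 * (len(imports) + 1))
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                     # e_lfanew
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x102) + opt
    hdr += struct.pack("<8sIIIIIIHHI", b".rdata", len(body), sec_rva, len(body), sec_off, 0, 0, 0, 0, 0x40000040)
    return bytes(hdr.ljust(sec_off, b"\0") + body)


if __name__ == "__main__":
    for sample in (TABLE_1_2, {"KERNEL32.dll": ["LoadLibraryA", "GetProcAddress"]}):
        found = parse_imports(build_sample_pe(sample))
        for dll, funcs in found.items():
            print(dll, ", ".join(funcs))
        print("=>", packing_verdict(found))
```

Run stand-alone, the script rebuilds Table 1-2 as a tiny PE, reads it back, and reports "probably not packed (14 imports)", then does the same for a two-import table of the kind a packer stub leaves behind and reports "possibly packed". The count is only the first filter; the next step an analyst takes is to ask what the imports do, and two entries in Table 1-2 already stand out for that purpose: CallNextHookEx is part of the Windows hook-chain API, and ToUnicodeEx translates virtual-key codes into characters, which is why the sample is a keylogger candidate worth the dynamic analysis that follows in the chapter.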
