Malware Analysis

Malware analysis is a relatively new area in the InfoSec world. The idea is to reverse engineer a piece of malware and understand what it was designed to do: which files it writes or reads, which IP addresses it leaks data to, which parts of the registry it updates or reads, and whether it is capable of network pivoting and attempting to move on to other subnets. What sort of devices is it trying to infect - servers, network appliances, printers?

If this analysis is not done, you may lose valuable information about the attack, and your ability to contain the damage may be compromised.

Malware analysis starts with obtaining a copy of the actual malware. There are several types of analysis:

  1. Static Analysis: Analyzing malware code and its behaviour without executing it.

  2. Dynamic Analysis: Analyzing malware code and its behaviour by running it in a controlled environment.

  3. Code Analysis: Examining the code and understanding how it works, what it does, and how it interacts with the system.

  4. Behavioural Analysis: Observing the behaviour of the malware as it runs and interacts with the system.

  5. Memory Analysis: Analyzing the memory dump of an infected system to determine the malware's behaviour and code.

  6. Network Analysis: Analyzing network traffic for indicators of malware activity.

  7. Sandbox Analysis: Running the malware in a virtualized environment and analyzing its behaviour.
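As an added illustration of the first item, static analysis, the following Python script (written for this page, not part of any product or tool mentioned here) performs a minimal strings-based triage of a sample without executing it. It extracts printable ASCII runs from a byte blob and sorts them into the indicator categories named above (file paths, registry keys, IP addresses, network activity). The input blob is a constructed stand-in for a malware sample, and the category patterns are simple heuristics chosen for the example.

```python
import re
import string

# Constructed sample blob standing in for a binary under analysis.
# It is NOT a real malware artifact; the embedded strings are chosen
# to exercise each indicator category.
SAMPLE = (
    b"\x4d\x5a\x90\x00\x03\x00\x00\x00"          # "MZ" DOS header magic
    b"C:\\Users\\Public\\update.dat\x00"          # a file path
    b"\x01\x02\x03"
    b"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    b"\xff\xfe"
    b"192.0.2.44\x00"                             # documentation-range IP
    b"\x00\x00"
    b"ab\x00"                                     # too short to be kept
    b"GET /beacon HTTP/1.1\x00"                   # network activity
)

MIN_LEN = 4
# Printable ASCII bytes, excluding whitespace control characters.
PRINTABLE = set(string.printable.encode()) - set(b"\t\n\r\x0b\x0c")

# Heuristic patterns for the indicator categories (assumptions for this example).
PATH_RE = re.compile(r"^[A-Za-z]:\\")
REGISTRY_RE = re.compile(r"^HK(?:EY_[A-Z_]+|LM|CU|CR|U|CC)\\")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
NETWORK_RE = re.compile(r"^(?:GET|POST|PUT|HEAD) |https?://")


def extract_strings(data: bytes, min_len: int = MIN_LEN):
    """Return every run of printable ASCII of at least min_len bytes."""
    found, run = [], bytearray()
    for b in data:
        if b in PRINTABLE:
            run.append(b)
            continue
        if len(run) >= min_len:
            found.append(run.decode("ascii"))
        run = bytearray()
    if len(run) >= min_len:
        found.append(run.decode("ascii"))
    return found


def triage(data: bytes):
    """Static triage: classify extracted strings into indicator categories."""
    report = {
        "pe_header": data[:2] == b"MZ",
        "file_paths": [],
        "registry_keys": [],
        "ipv4": [],
        "network": [],
        "other": [],
    }
    for s in extract_strings(data):
        if PATH_RE.match(s):
            report["file_paths"].append(s)
        elif REGISTRY_RE.match(s):
            report["registry_keys"].append(s)
        elif IPV4_RE.search(s):
            report["ipv4"].append(IPV4_RE.search(s).group(0))
        elif NETWORK_RE.search(s):
            report["network"].append(s)
        else:
            report["other"].append(s)
    return report


if __name__ == "__main__":
    for category, items in triage(SAMPLE).items():
        print(f"{category}: {items}")
```

This is the cheapest first pass an analyst makes: no execution, no sandbox, just what the sample reveals in the clear. Its limitation is exactly the point made below about obfuscation: a sample that encrypts or builds its strings at runtime yields little here, which is when dynamic, memory or sandbox analysis becomes necessary.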

New malware is constantly emerging and evolving. New obfuscation and hiding techniques, such as steganography and polymorphic behaviour, are continually developed, making it harder for a malware analyst to decode a sample.

We can help with the analysis of certain types of malware. Please reach out to us to discuss your particular case.