June 2018
Beginner
510 pages
13h 7m
English
Content preview from Learning Malware Analysis
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
5.1 Static Analysis of the Sample
Let's start the examination of the malware sample with static analysis. In static analysis, since the malware sample is not executed, it can be performed on either the Linux VM or the Windows VM, using the tools and techniques covered in Chapter 2, Static Analysis. We will start by determining the file type and the cryptographic hash. Based on the following output, the malware binary is a 32-bit executable file:
$ file sales.exe sales.exe: PE32 executable (GUI) Intel 80386, for MS Windows
$ md5sum sales.exe51d9e2993d203bd43a502a2b1e1193da sales.exe
The ASCII strings extracted from the binary using the strings utility contains references to a set of batch commands, which looks like a command to delete files. ...