book

Windows Malware Analysis Essentials

by Victor Marak

September 2015

Beginner

330 pages

7h 10m

English

Packt Publishing

Read now

Unlock full access

Support files, eBooks, discount offers, and moreWhy subscribe?Free access for Packt account holdersInstant updates on new Packt books
What this book covers

Downloading the example codeErrataPiracyQuestions
Number systemsBase conversionBinary to hexadecimal (and vice versa)Decimal to binary (and vice versa)Octal base conversion
A signed data type overflow conditions table
Bit masking
Scanning malware on the webGetting a great view with PEViewKnow the ins and outs with PEInsiderIdentifying with PEiDWalking on frozen terrain with DeepFreezeMeeting the rex of HexEditorsDigesting string theory with stringsHashish, pot, and stashing with hashing toolsGetting resourceful with XNResource EditorToo much leech with Dependency WalkerGetting dumped by Dumpbin
Knowing your bearings in IDA ProHooking up with IDA Pro
Motivation
Special-purpose registers
The static library generator
The for loopThe while loopThe do-while loopThe if-then-else loopA switch caseStructsLinked lists
Fortifying your debrief
FingerprintingUser mode sandboxingDebugging and disassemblyMonitoringMISCNext steps and prerequisites
Step 1 – fingerprintingStep 2 – static and dynamic analysisObfuscation – a dynamic in-memory function pointers tableThe PEB traversal codeSection object creationTemp file checkTaskkill invocation for antivirus servicesNew thread creationMBR readingMBR infectionPayloadVerifying MBR integrity
Network activityRegistry activityYara signatures
Executive synopsisMitigation
Compression sacks and strapsReleasing the Jack-in-the-Box
SyscallsWDK procurementSetting up IDA Pro for kernel debuggingFinding symbols in WINDBG/IDA PROGetting helpWindbg 'G' command in IDA ProCommand typesEnumerating Running ProcessesEnumerating Loaded ModulesData Type Inspection and DisplayDisplay headersPocket calculatorBase converterUnassembly and disassemblyDebugger Interaction-Step-In, Step Over, Execute till ReturnRegistersCall trace and walking the stackBreakpointsFirst chance and second chance debuggingA debugger implementation overviewExamine symbolsObjects
Wiretapping Linux for network traffic analysis
Taking apart JS/DropperPreliminary dumping and analysisStatic and dynamic analysis:Embedded exploits
Volatility
Monitoring and visualizationMalware Control MonitorSandboxing and reporting

Overview

"Windows Malware Analysis Essentials" provides a comprehensive introduction to the principles and techniques of malware analysis focused on the Windows platform. In this book, you will learn how to analyze real-world malware samples using tools, techniques, and a hands-on approach that demystifies the malware investigation process.

What this Book will help me do

Understand and apply the fundamentals of Boolean algebra and number systems within malware analysis.
Learn to set up and operate a malware analysis lab with a focus on security and practicality.
Develop skills to analyze real-world malware samples including static and dynamic analysis techniques.
Master the use of tools like emulators, debuggers, and sandboxes for effective malware examination.
Gain insights into handling various malware vectors, such as document-, PDF-, and script-based threats.

Author(s)

Victor Marak, a seasoned researcher in malware analysis and cybersecurity, has several years of experience unpacking and studying complex malware to improve infection detection and resolution. Through his practical approach and vast knowledge, Victor takes readers on an informative journey, presenting technical topics with clarity and accessibility.

Who is it for?

This book is tailored for cybersecurity professionals and enthusiasts who have a background in Windows reverse engineering and wish to specialize further in malware analysis. It is ideal for those looking to develop a systematic understanding of malware and enhance their ability to effectively analyze it. Whether you are an experienced analyst or starting your cyber defense journey, this book provides the knowledge to advance your skills.