reverse engineering malware workshop

Posted on 18-Nov-2014

DESCRIPTION

Presentation slides of a workshop I delivered on malware reversing at the Cyber Secure Pakistan 2014 conference.

TRANSCRIPT

Reverse Engineering Malware: Hands-on Workshop

$whoami

@mustafaqasim

Class Introduction

What’s REM

Evolution of Virus/Malware

Virus vs. Malware

Malware Classification

Adware, Clicker, Spam, InfoStealer, Spyware, Ransomware, Trojan Horse, Rootkit, Backdoor, Virus, Worms, Botnet, Downloader, Launcher

Reverse Engineering Malware

Static Analysis

Dynamic Analysis

Basic Static Analysis

Advanced Static Analysis

Basic Dynamic Analysis

Advanced Dynamic Analysis

Covered in this Workshop

Basic Static Analysis

Basic Dynamic Analysis

Malware Analysis Lab

Lab Requirements

Isolated

Emulate Intel Arch.

Virtualized vs. Physical

Virtualization Pro & Con

Lights, Camera, Action

Boot your VMs :)

Basic Static Analysis

Hash

Strings

Packers

Packer Detection

Linked Libraries

Static

Dynamic (Runtime, Loadtime)

Portable Executable (PE) Format

Used by the Windows OS loader for files such as .exe, .dll and .ocx.

PE header reveals an imported function

URLDownloadToFile

Explore Dynamic Linked Functions

Dependency Walker

Resource Hacker

PEView
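The basic static steps listed above (hash, strings, packer detection, linked libraries via the PE section and import names) as one added Python triage script; this is example code written for this page, not material from the workshop slides. The suspicious API list beyond URLDownloadToFile and the packer section names are assumed, and the sample "binary" is a constructed MZ/PE skeleton rather than a real file.

```python
import hashlib
import math
import re
import struct
from collections import Counter

# Import names worth flagging in the strings output. URLDownloadToFile is the one the slides point
# at; the remaining entries, and the packer section names below, are assumed lists for illustration.
SUSPICIOUS_APIS = ("URLDownloadToFile", "WinExec", "CreateRemoteThread", "InternetOpenUrl")
PACKER_SECTION_HINTS = ("UPX0", "UPX1", ".aspack", ".petite")

def file_hashes(data: bytes) -> dict:
    """MD5 and SHA-256 of the whole file: the identifiers you search for and share."""
    return {"md5": hashlib.md5(data).hexdigest(), "sha256": hashlib.sha256(data).hexdigest()}

def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Printable ASCII runs of at least min_len bytes, like the classic `strings` tool."""
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted payloads approach 8.0, plain code sits well below."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def section_names(data: bytes) -> list:
    """Walk MZ -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table; return the section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        return []
    nsect = struct.unpack_from("<H", data, pe + 6)[0]
    table = pe + 24 + struct.unpack_from("<H", data, pe + 20)[0]  # skip optional header; 40-byte entries
    return [data[table + 40 * i:table + 40 * i + 8].rstrip(b"\0").decode(errors="replace") for i in range(nsect)]

def triage(data: bytes) -> dict:
    """One-shot basic static triage: hashes, section names, packer hint, suspicious API names."""
    strings, sections, ent = extract_strings(data), section_names(data), shannon_entropy(data)
    return {**file_hashes(data), "sections": sections, "entropy": round(ent, 2),
            "packer_hint": any(s in PACKER_SECTION_HINTS for s in sections) or ent > 7.0,
            "suspicious_apis": [a for a in SUSPICIOUS_APIS if any(a in s for s in strings)]}

def build_sample() -> bytes:
    """Constructed stand-in, not a real binary: MZ/PE skeleton, two UPX sections, an import-name string."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)  # e_lfanew points just past the DOS header
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x10E)  # SizeOfOptionalHeader = 0
    sections = b"".join(name.ljust(8, b"\0") + bytes(32) for name in (b"UPX0", b"UPX1"))
    return dos + coff + sections + b"\0\0urlmon.dll\0URLDownloadToFileA\0"

if __name__ == "__main__":
    print(triage(build_sample()))
```

On a real sample, read the file as bytes and pass it to triage(); the section-name check only catches packers that leave their default names, so the entropy figure is the second opinion.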

Basic Dynamic Analysis

Regshot

Process Monitor

Process Explorer

Wireshark

Lab

Analysis of an IRC botnet malware

Q & A