automatic malware analysis 2008-09-19
If you can't read please download the document
DESCRIPTION
How to automatically analyze potential malware using free services. Original broadcast date: 2008-09-19TRANSCRIPT
- 1. Automatic Malware Analysis
-
- Michael Boman, Security Guy, Sweden
-
-
- http://michaelboman.org
2. Agenda
- Scenario
- Solutions
- Questions & Answers
3. Scenario
- Want to determine if a suspect file is malicious
4. Solutions
- Scan it with one or more anti-malware softwares
- Run it in a virtual/air-gapped system
-
- Both approaches requires a infrastructure (system with required tools + knowledge), which more organizations doesn't have readable available
5. VirusTotal
- Scans uploaded files with 39 different antivirus engines at once
6. CWSandBox
- Run the uploaded file in a virtual windows environment
- Tracks
-
- File and Registry operations
-
- Program execution
-
- Network operations
7. Norman Sandbox
- Run the uploaded file in a virtual windows environment
- Tracks
-
- File and Registry operations
-
- Program execution
-
- Network operations
8. Question & Answers 9. Thank you!