What is Malware?
Malware is executable code with malicious functionality. In general, malware is any code that performs a malicious action, i.e. any software that does something harmful can be considered malware. Malware is further classified into kinds such as virus, trojan, worm, rootkit and so on, based on how it spreads and what it does.
What is Malware Analysis?
Malware analysis is the process of determining how a piece of malware functions and what the consequences of a given infection are. Typically, malware gathers information about the infected device without the knowledge or authorization of the user, and analysis establishes what was taken and how.
Why Malware Analysis?
Malware analysis can be conducted with various goals in mind:
• To understand the capabilities of the malware.
• To determine how the malware functions.
• To assess the damage caused by the intrusion.
• To identify indicators that help us find other machines infected by the same malware and the extent of the infection in the network.
• To determine whether the malware is exploiting a vulnerability, and how it persists on the system.
• To determine the nature and purpose of the malware.
• To understand who is targeting us and how capable they are.
• To understand what data was taken.
1.2 Classification of Malware

Classification | Type of malware | Feature
The contagious threat | Virus | Malicious code that attaches itself to a host program or file and replicates when that host runs, causing harm without the knowledge of the user.
The contagious threat | Worm | Standalone malicious software that runs on its own and spreads across networks without needing to attach itself to a host program.
The masked threat | Trojan | Malicious software that disguises itself as a legitimate program in order to gain unauthorized control of the computer.
The masked threat | Rootkit | A set of concealment techniques for malware, designed to hide the malicious presence and activity from the user and from security tools.
1.3 Malware analysis types
There are fundamentally two kinds of malware analysis:
• Static analysis
Basic static analysis examines the program without executing it. It is straightforward and can be quick, but it is largely ineffective against sophisticated malware and can miss important behaviour.
Advanced static analysis consists of reverse engineering the malware binary by loading the executable into a disassembler such as IDA (or stepping through it in a debugger such as OllyDbg) to recover assembly code from the machine code; we then read through the program to find out what it does.
Some of the techniques used in basic static analysis are: determining the file type; extracting the strings encoded in the binary; checking for obfuscation, to determine whether the file has been packed or whether a crypter was used; and hashing the sample and comparing the hash against multiple AV databases.
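As an added example (not code from the original page), the Python script below carries out the basic static checks listed above on a file's bytes: file-type identification from the magic bytes, plain and wide (UTF-16LE) string extraction, a packing heuristic built from packer section-name markers and sliding-window entropy, and hashing for lookups against AV databases (the lookup itself needs network access and is left out). The sample bytes, the strings in them and the URL are constructed for the example and are not a real binary; the entropy threshold and packer marker list are assumptions an analyst would tune.

```python
import hashlib
import math
import re
import struct

# Constructed sample for this example: NOT a real executable. It carries an
# MZ/PE header skeleton so the file-type check fires, a few plain and wide
# (UTF-16LE) strings of the kind an analyst looks for, UPX section-name
# markers, and a high-entropy tail that stands in for a packed section.
_STRINGS = (
    b"kernel32.dll\x00"
    b"CreateRemoteThread\x00"
    b"http://example.invalid/update.bin\x00"   # .invalid TLD: constructed URL
    b"UPX0\x00UPX1\x00\x00"
    + "C:\\Users\\Public\\svchost.exe".encode("utf-16-le") + b"\x00\x00"
)
# 2048 near-uniform bytes (chained SHA-256 digests) standing in for packed data
_PACKED_TAIL = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
SAMPLE = (
    b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x80)   # DOS header, e_lfanew = 0x80
    + b"\x00" * (0x80 - 64)
    + b"PE\x00\x00"                                   # PE signature at e_lfanew
    + _STRINGS
    + _PACKED_TAIL
)

# Section names left behind by common packers (assumed list; extend as needed)
PACKER_MARKERS = (b"UPX0", b"UPX1", b".aspack", b".themida", b".vmp0")


def file_type(data):
    """Identify the container from magic bytes, as `file` would."""
    if data[:2] == b"MZ" and len(data) >= 64:
        e_lfanew = struct.unpack_from("<I", data, 60)[0]
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            return "PE executable"
        return "MZ (DOS) executable"
    if data[:4] == b"\x7fELF":
        return "ELF executable"
    if data[:2] == b"#!":
        return "script"
    return "unknown"


def extract_strings(data, min_len=4):
    """Printable ASCII runs plus UTF-16LE ("wide") runs, the way `strings` does."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in wide_re.finditer(data)]
    return found


def shannon_entropy(chunk):
    """Bits per byte: ~0 for padding, ~8 for compressed or encrypted data."""
    if not chunk:
        return 0.0
    counts = [0] * 256
    for b in chunk:
        counts[b] += 1
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def packing_indicators(data, window=1024, step=256, threshold=7.0):
    """Flag a likely packed/encrypted sample from a high-entropy region
    or a known packer marker. threshold is an assumed cut-off."""
    max_ent, max_off = 0.0, 0
    for off in range(0, max(1, len(data) - window + 1), step):
        ent = shannon_entropy(data[off:off + window])
        if ent > max_ent:
            max_ent, max_off = ent, off
    markers = [m.decode() for m in PACKER_MARKERS if m in data]
    return {
        "max_window_entropy": round(max_ent, 2),
        "at_offset": max_off,
        "packer_markers": markers,
        "likely_packed": max_ent >= threshold or bool(markers),
    }


def hashes(data):
    """Digests to look up in AV/threat-intel databases (lookup not done here)."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def triage(data):
    """Basic static triage report: every check here runs without executing the sample."""
    return {
        "file_type": file_type(data),
        "size": len(data),
        "hashes": hashes(data),
        "strings": extract_strings(data),
        "packing": packing_indicators(data),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE), indent=2))
```

The string list on a real packed sample is usually short and uninformative, which is itself a signal: combined with a high entropy window and a packer marker it tells the analyst to unpack first (or move to dynamic analysis) before spending time in the disassembler.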
• Dynamic analysis
Dynamic analysis techniques involve running the malware and observing its behaviour on the system, where the system is set up in a local and isolated environment.
Dynamic analysis helps us remove the infection, produce effective signatures, or both. The lab environment is fully isolated, and if the malware sends any network requests and expects a response, the response is usually simulated.
Dynamic analysis usually focuses on the following activities: the file system, the registry, processes, the network, and system calls.
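Added example, not code from the original page: once a sample has run in the isolated lab, the recorded activity has to be turned into indicators. The Python below parses a Process Monitor-style CSV export covering the file-system, registry, process and network activity named above, follows the sample's PID and any child process it spawns so that activity from unrelated processes is ignored, flags a Run-key persistence entry, and flattens the result into host and network indicators that can be swept for on other machines. The log lines, process names, paths, registry value and addresses are constructed for the example (203.0.113.0/24 is a documentation range); the simulated network responses the text mentions are assumed to come from a tool such as INetSim or FakeNet-NG and are not part of this script.

```python
import csv
import io
import re

# Constructed Process Monitor-style CSV export (same column layout Procmon
# writes). Every line is made up for this example and describes no real sample;
# the explorer.exe line is there to show that unrelated activity is filtered out.
SAMPLE_LOG = r'''Time of Day,Process Name,PID,Operation,Path,Result,Detail
10:01:02.100,dropper.exe,4120,CreateFile,C:\Users\Public\svchost.exe,SUCCESS,"Desired Access: Generic Write, Disposition: OverwriteIf"
10:01:02.150,dropper.exe,4120,WriteFile,C:\Users\Public\svchost.exe,SUCCESS,"Offset: 0, Length: 204,800"
10:01:02.300,dropper.exe,4120,Process Create,C:\Users\Public\svchost.exe,SUCCESS,"PID: 4388, Command line: C:\Users\Public\svchost.exe /silent"
10:01:03.000,dropper.exe,4120,RegSetValue,HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater,SUCCESS,"Type: REG_SZ, Length: 62, Data: C:\Users\Public\svchost.exe /silent"
10:01:03.500,svchost.exe,4388,CreateFile,C:\Windows\System32\kernel32.dll,SUCCESS,"Desired Access: Read Data/List Directory"
10:01:03.700,explorer.exe,1234,WriteFile,C:\Users\analyst\AppData\Local\cache.db,SUCCESS,"Offset: 0, Length: 512"
10:01:04.000,svchost.exe,4388,UDP Send,lab-vm:52011 -> 10.0.0.2:53,SUCCESS,"Length: 45"
10:01:04.100,svchost.exe,4388,TCP Connect,lab-vm:52012 -> 203.0.113.7:443,SUCCESS,"Length: 0, seqnum: 0"
10:01:04.200,svchost.exe,4388,RegQueryValue,HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid,SUCCESS,"Type: REG_SZ, Length: 78"
'''

# Registry locations commonly used for persistence (assumed, lower-cased list;
# the first entry also matches RunOnce)
PERSISTENCE_KEYS = (
    r"\currentversion\run",
    r"\currentversion\winlogon",
    r"\currentcontrolset\services",
)


def parse_procmon_csv(text):
    """Parse a Procmon CSV export into a list of event dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def extract_indicators(events, sample_pid):
    """Follow the sample's PID and every child it spawns, and collect the
    behaviours that become indicators: processes created, files written,
    persistence keys set and network endpoints contacted."""
    tracked = {str(sample_pid)}
    ind = {"processes": [], "files_written": [], "persistence": [], "network": []}
    for ev in events:
        if ev["PID"] not in tracked:
            continue                            # activity of unrelated processes
        op, path, detail = ev["Operation"], ev["Path"], ev["Detail"]
        if op == "Process Create":
            child = re.search(r"PID: (\d+)", detail)
            if child:
                tracked.add(child.group(1))     # keep following the child process
            ind["processes"].append(path)
        elif op == "WriteFile" and path not in ind["files_written"]:
            ind["files_written"].append(path)
        elif op == "RegSetValue" and any(k in path.lower() for k in PERSISTENCE_KEYS):
            ind["persistence"].append((path, detail))
        elif op in ("TCP Connect", "UDP Send"):
            dst = re.search(r"-> ([^:]+):(\d+)$", path)   # "src:port -> dst:port"
            if dst:
                ind["network"].append((op, dst.group(1), int(dst.group(2))))
    return ind


def to_iocs(ind):
    """Flatten the findings into host and network indicators a responder can
    sweep other machines for (the 'signatures' step of dynamic analysis)."""
    iocs = ["file:" + p for p in ind["files_written"]]
    iocs += ["registry:" + key for key, _ in ind["persistence"]]
    for _, host, port in ind["network"]:
        kind = "ip" if re.fullmatch(r"\d+(\.\d+){3}", host) else "host"
        iocs.append(f"{kind}:{host}:{port}")
    return sorted(set(iocs))


def analyze(text, sample_pid):
    """Convenience wrapper: raw CSV text in, (indicators, IOC list) out."""
    ind = extract_indicators(parse_procmon_csv(text), sample_pid)
    return ind, to_iocs(ind)


if __name__ == "__main__":
    indicators, iocs = analyze(SAMPLE_LOG, 4120)
    for line in iocs:
        print(line)
```

Because the lab network is isolated, the 10.0.0.2:53 lookup and the 203.0.113.7:443 connection in the log would have been answered by the response simulator rather than the real infrastructure; the addresses still end up in the indicator list, which is exactly what is needed to search other hosts' DNS and proxy logs for the same malware.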