
Lab Session 03

Malware Analysis
INTRODUCTION:
Malware analysis involves examining the actions and intentions of a suspicious file or URL. In
the lab, we conducted malware analysis within a secure and isolated environment. To start with:

1. Choose a dedicated machine
2. Install a VM
3. Install a malware analysis environment, e.g., REMnux, Cuckoo, Flare VM

Analysis using VirusTotal:

The malware file was obtained from GitHub and subsequently uploaded to the VirusTotal
website for analysis. Several screenshots displaying the analysis conducted by VirusTotal are
provided below.
The malware performed the following actions on the machine according to VirusTotal:
Static Analysis using PEiD:
PEiD, an open-source detection tool, is utilized for cross-checking and conducting a static
analysis of a given file. The analysis using PEiD revealed the following key information about
the malware:

- Development Environment: The malware was developed using Microsoft Visual C++.
- File Type: It is a Win32 executable file.
- Creation Date: The file was created on December 19, 2010.
- Entry Point Section: The entry point section of the file is ".text".
- Subsystem: The malware is designed to function within a console subsystem.
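
To show where those PEiD findings come from, here is an added example (not part of the lab report) that reads the same facts straight from the PE headers with the Python standard library: the COFF compile timestamp, the image type, the subsystem, and which section contains the entry point. The image it parses is constructed in code to mirror the report's findings; it is not the lab's malware sample.

```python
import struct
from datetime import datetime, timezone

# IMAGE_SUBSYSTEM_WINDOWS_GUI = 2, IMAGE_SUBSYSTEM_WINDOWS_CUI = 3 (PE/COFF spec)
SUBSYSTEMS = {2: "GUI", 3: "console"}

def parse_pe(data: bytes) -> dict:
    """Recover the PEiD-style header facts from a PE image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4                                           # 20-byte COFF header
    machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                             # optional header
    magic = struct.unpack_from("<H", data, opt)[0]              # 0x10b PE32, 0x20b PE32+
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]     # AddressOfEntryPoint
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]     # same offset for PE32/PE32+
    sections, sec = [], opt + opt_size                          # section table follows
    for i in range(nsect):
        name, vsize, vaddr = struct.unpack_from("<8sII", data, sec + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), vaddr, vsize))
    # an entry point outside .text is a classic sign of a packed or tampered binary
    ep_section = next((n for n, va, vs in sections if va <= entry_rva < va + vs), None)
    return {
        "file_type": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, hex(magic)),
        "machine": hex(machine),
        "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat(),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_point_section": ep_section,
    }

def build_sample_pe() -> bytes:
    """Constructed stand-in for the lab sample: a console PE32 with one .text section."""
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x80)).ljust(0x80, b"\0")  # e_lfanew
    stamp = int(datetime(2010, 12, 19, tzinfo=timezone.utc).timestamp())
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 224, 0x102)  # i386, 1 section
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1234)           # entry point RVA inside .text
    struct.pack_into("<H", opt, 68, 3)                # console subsystem
    sect = struct.pack("<8sII", b".text", 0x2000, 0x1000).ljust(40, b"\0")
    return dos + b"PE\0\0" + coff + bytes(opt) + sect

if __name__ == "__main__":
    for k, v in parse_pe(build_sample_pe()).items():
        print(f"{k:20} {v}")
```

Note that the compile timestamp is attacker-controlled and can be forged, so treat it as a hint rather than evidence of when the file was built.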

Static Analysis using PEStudio:

PEStudio is a tool used for assessing malware and analyzing file characteristics without
executing them. During the analysis of this particular malware, the following key findings were
observed:

- There were 69 strings that were identified as blacklisted.
- Six functions were flagged as blacklisted.
- The malware utilized File Mapping to store system file mappings.
- The FindClose function was employed to close backend files.
- The CreateFile function was used to create multiple files.
- The malware accessed Kernel32.dll, which provides various Win32 base APIs for
memory management, I/O operations, process and thread creation, and synchronization
functions.
- The malware also accessed Msvcrt.dll, which is a crucial file for applications developed
using Microsoft Visual Studio 6.0 and facilitates the proper functioning of programs
created with Microsoft Visual C++.
