
1

2
3
[References]
• Marco Pontello, TrID, http://mark0.net/soft-trid-e.html

[Image Sources]
• Right, http://www.gadgetreview.com/wp-content/uploads/2012/05/Dog-Pirate-Costume-650x472.jpg
 

4
[References]
• Matt Pietrek, An In-Depth Look into the Win32 Portable Executable File Format, http://msdn.microsoft.com/en-us/magazine/cc301805.aspx
• Xeno Kovah, The Life of Binaries, http://opensecuritytraining.info/LifeOfBinaries.html
 

5
[References]
• Daniel Pistelli, Explorer Suite, http://www.ntcore.com/exsuite.php
 

6
[References]
• UPX, http://upx.sourceforge.net/
• ASPack, http://www.aspack.com/aspack.html
• MPRESS, http://www.matcode.com/
• Themida, http://www.oreans.com/themida.php

7
[References]
• Xeno Kovah, The Life of Binaries, http://opensecuritytraining.info/LifeOfBinaries.html
 

8
[References]
• Michael Sikorski et al., Chapter 1. Basic Static Techniques, Practical Malware Analysis
• Microsoft Windows library files, http://en.wikipedia.org/wiki/Microsoft_Windows_library_files
• Windows USER, http://en.wikipedia.org/wiki/Windows_USER
 

9
[References]
• Xeno Kovah, Rootkits: What they are, and how to find them, http://opensecuritytraining.info/Rootkits.html

10
[References]
• Mark Russinovich et al., Chapter 4. Management Mechanisms, Windows Internals 4th Edition
 

11
[References]
• Registry Value Types, http://msdn.microsoft.com/en-us/library/windows/desktop/ms724884(v=vs.85).aspx
• Predefined Keys, http://msdn.microsoft.com/en-us/library/windows/desktop/ms724836(v=vs.85).aspx
• HKEY_CLASSES_ROOT Key, http://msdn.microsoft.com/en-us/library/windows/desktop/ms724475(v=vs.85).aspx
• Merged View of HKEY_CLASSES_ROOT, http://msdn.microsoft.com/en-us/library/windows/desktop/ms724498(v=vs.85).aspx

12
[References]
• Mark Russinovich et al., Chapter 4. Management Mechanisms, Windows Internals 4th Edition
• Registry Hives, http://msdn.microsoft.com/en-us/library/windows/desktop/ms724877(v=vs.85).aspx
• Helge Klein, http://www.sepago.de/d/helge/2008/05/04/free-tool-list-registry-links-reglink
 

13
14
[References]
• Michael Sikorski et al., Chapter 11. Malware Behavior, Practical Malware Analysis
• Nick Harbour, Malware Persistence without the Windows Registry, https://blog.mandiant.com/archives/1207
• Reverend Bill Blunden, Chapter 6. Patching System Routines, The Rootkit Arsenal
• Marco Giuliani, Mebromi: the first BIOS rootkit in the wild, http://www.webroot.com/blog/2011/09/13/mebromi-the-first-bios-rootkit-in-the-wild/
• Nicolas Falliere et al., W32.Stuxnet Dossier, http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf

15
[References]
• Mark Russinovich et al., Autoruns, http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
 

16
17
18
19
20
21
22
23
24
[References]
• Local Security Authority Subsystem Service, http://en.wikipedia.org/wiki/Local_Security_Authority_Subsystem_Service
 

25
26
[References]
• Regshot, http://code.google.com/p/regshot/
 

27
28
[References]
• Silberschatz, Galvin, Chapter 4. Processes, Operating System Concepts 5th Edition
 

29
[References]
• Xeno Kovah, The Life of Binaries, http://opensecuritytraining.info/LifeOfBinaries.html
 

30
31
[References]
• Mark Russinovich, Sysinternals Suite, http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx
 

32
33
[References]
• Mark Russinovich et al., Chapter 4. Management Mechanisms, Windows Internals 4th Edition

34
35
36
37
38
39
40
41
[References]
• Start, http://technet.microsoft.com/en-us/library/cc959920.aspx

42  
