
Practical Malware Analysis Study Notes (continuously updated)

"Practical Malware Analysis: A Hands-On Guide to Dissecting Malicious Software", by Michael Sikorski and Andrew Honig, is a hands-on guide to analysing malicious software.

Chapter 1: Introduction to Malware Analysis

  • Introduces the basic concepts and workflow of malware analysis
  • Describes the skills and knowledge a malware analyst needs

Chapter 2: Basic Static Techniques

  • Explains how to perform basic static analysis with file-type identification tools, static analysis tools and decompilers
  • Explains how to extract key information from a PE file

Chapter 3: Advanced Static Techniques

  • Explains how to analyse with advanced static analysis tools such as IDA Pro
  • Describes how to analyse packed and encrypted malicious code

Chapter 4: Dynamic Analysis

  • Explains how to perform dynamic analysis of malware with virtual machines and dynamic analysis tools
  • Introduces how to analyse and defeat malware's defensive mechanisms

Chapter 5: Code Analysis

  • Explains how to analyse malicious code with reverse-engineering techniques
  • Describes how to analyse the key code of a malware sample

Chapter 6: Automated Analysis

  • Introduces how to analyse large numbers of malware samples with automated analysis tools
  • Describes how to write scripts to automate the analysis process

Chapter 7: Malware Functionality

  • Explains how to analyse the various functions of malware, such as file transfer, keylogging and screen capture
  • Introduces how to detect and analyse malware command-and-control (C&C) communication

Chapter 8: Covert Malware Launching

  • Describes how malware launches covertly, for example by abusing system services or injecting into other processes

Chapter 9: Packers and Unpacking

  • Explains the basic concepts and workflow of packing and unpacking
  • Introduces how to analyse malware with packing and unpacking tools

Chapter 10: Anti-Debugging and Anti-Analysis

  • Explains how malware implements anti-debugging and anti-analysis
  • Introduces techniques and tools for countering anti-debugging and anti-analysis

Chapter 11: Malware Analysis in the Real World

  • Introduces the basic workflow and techniques of real-world malware analysis
  • Explains how to analyse the various kinds of malware, such as viruses, worms, trojans and spyware

Chapter 12: Malware Forensics

  • Describes the basic workflow and techniques of malware forensics
  • Introduces how to collect and analyse data with forensic tools and techniques

Chapter 13: Analyzing Mobile Malware

  • Introduces the basic workflow and techniques for analysing mobile malware
  • Explains how to collect and analyse data with mobile forensic tools and techniques

Chapter 14: Analyzing Malware on Linux

  • Introduces the basic workflow and techniques for analysing Linux malware
  • Explains how to collect and analyse data with Linux forensic tools and techniques

The book is a comprehensive guide to malware analysis, covering basic and advanced analysis techniques, dynamic and static analysis, automated analysis, malware functionality analysis, covert launching, packing and unpacking, anti-debugging and anti-analysis, and malware forensics. It is suited to security analysts, anti-virus researchers, security engineers, software developers and anyone else interested in malware analysis.


Kernel32.dll tells us that this software can open and manipulate processes

  • OpenProcess
  • GetCurrentProcess
  • GetProcessHeap

and files

  • ReadFile
  • CreateFile
  • WriteFile

User32.dll includes a large number of GUI manipulation functions indicating a high likelihood that this program has a GUI

  • RegisterClassEx
  • SetWindowText
  • ShowWindow
  • SetWindowsHookEx: It is commonly used in spyware and is the most popular way that keyloggers receive keyboard inputs.
  • RegisterHotKey: It registers a hotkey (CTRL-SHIFT-C) so that whenever the user presses that hotkey combination, the application is notified.

GDI32.dll is graphics-related and simply confirms that the program probably has a GUI.

Shell32.dll tells us that this program can launch other programs (malware)

Advapi32.dll tells us that the program uses the registry.
Example: Software\Microsoft\Windows\CurrentVersion, which is a registry key that controls which programs are automatically run when Windows starts up.
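As an added example (not part of the original notes or the book), here is a small Python triage routine that applies the reasoning above: it maps imported DLL/API pairs and extracted strings to capability tags and combines them into findings. The rule table, the A/W-suffix handling and the sample import list are constructed assumptions; only the API names already in the notes are taken from them.

```python
# Import-table triage for the DLL/API notes above: map imported names (plus extracted
# strings) to the capabilities they imply. Added example, not from the book; the rule
# table, the A/W-suffix handling and the sample input are constructed.
# (dll, api) -> capability. DLLs compare case-insensitively and the ANSI/Unicode suffix
# (CreateFileA / CreateFileW) is stripped first: import tables list the suffixed names.
IMPORT_RULES = {
    ("kernel32.dll", "OpenProcess"): "process", ("kernel32.dll", "GetCurrentProcess"): "process",
    ("kernel32.dll", "GetProcessHeap"): "process", ("kernel32.dll", "CreateFile"): "file-io",
    ("kernel32.dll", "ReadFile"): "file-io", ("kernel32.dll", "WriteFile"): "file-io",
    ("user32.dll", "RegisterClassEx"): "gui", ("user32.dll", "ShowWindow"): "gui",
    ("user32.dll", "SetWindowText"): "gui", ("user32.dll", "SetWindowsHookEx"): "keyboard-hook",
    ("user32.dll", "RegisterHotKey"): "hotkey", ("shell32.dll", "ShellExecute"): "launch-program",
    ("advapi32.dll", "RegOpenKeyEx"): "registry", ("advapi32.dll", "RegSetValueEx"): "registry",
}
AUTORUN_KEY = "\\currentversion\\run"  # matches ...\CurrentVersion\Run and \RunOnce

def normalize_api(name):
    """Strip a trailing A/W variant marker: 'SetWindowsHookExA' -> 'SetWindowsHookEx'."""
    return name[:-1] if len(name) > 2 and name[-1] in "AW" and name[-2].islower() else name

def triage(imports, strings=()):
    """imports: {dll: [api, ...]} from the import table. Returns (sorted tags, findings)."""
    tags = set()
    for dll, apis in imports.items():
        for api in apis:
            tag = IMPORT_RULES.get((dll.lower(), normalize_api(api)))
            if tag:
                tags.add(tag)
    if any(AUTORUN_KEY in s.lower() for s in strings):
        tags.add("autorun-persistence")
    findings = []
    if "keyboard-hook" in tags:
        findings.append("SetWindowsHookEx: keyboard hook, the usual keylogger input path")
        if "file-io" in tags:
            findings.append("hook + CreateFile/WriteFile: keystrokes are probably logged to disk")
    if "hotkey" in tags:
        findings.append("RegisterHotKey: program is notified when a global hotkey is pressed")
    if "autorun-persistence" in tags:
        findings.append("Run key string" + (" + registry imports: persists at logon"
                        if "registry" in tags else " found, but no registry import to write it"))
    return sorted(tags), findings

# Constructed sample modelled on the notes above, with suffixed names as a PE lists them.
SAMPLE_IMPORTS = {
    "KERNEL32.dll": ["OpenProcess", "GetCurrentProcess", "GetProcessHeap", "ReadFile", "CreateFileA", "WriteFile"],
    "USER32.dll": ["RegisterClassExA", "SetWindowTextA", "ShowWindow", "SetWindowsHookExA", "RegisterHotKey"],
    "SHELL32.dll": ["ShellExecuteA"], "ADVAPI32.dll": ["RegOpenKeyExA", "RegSetValueExA"],
}
SAMPLE_STRINGS = ["Software\\Microsoft\\Windows\\CurrentVersion\\Run"]
```

Running `triage(SAMPLE_IMPORTS, SAMPLE_STRINGS)` yields the tags and the keylogger-with-persistence findings that the notes above derive by hand.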

Updated: 2022/12/05
