Malware Analysis

Let’s kick it off. The first chapter of PMA was an introduction to Basic Static Analysis. Although there’s a unique set of tools used in the book, I’d be improvising and testing other tools which might achieve the same purpose. Tooling I’ll be using the following tools/services for this chapter: [I’m diverting from the toolset used by the author… mainly because they’re outdated] PEStudio PEView PEID ExeInfoPE VirusTotal Exercise 1 Hash Filename BB7425B82141A1C0F7D60E5106676BB1 Lab01-01....

Previously, we covered Basic Static Analysis and Basic Dynamic Analysis in Chapter 1 and 3 of Practical Malware Analysis. That marks an end to the first part of the book. The fourth chapter kicks off the second part of the book and takes a slight detour to cover one of the most important pre-requisites to perform malware analysis; assembly language. However, the crash course doesn’t have any exercises. It’s why we’ll be proceeding to exercises of the fifth chapter i....

Windows API, in short, the WinAPI, is a set of functions and procedures, which can abstract much of the tasks you perform everyday on the Windows OS. The Application Programming Interface (API) calls exposes these functions to programmers to make use of procedures when writing one of your own isn’t the most effective. Although the API calls are a bit hard to work with, they can still help you achieve much of what you’d like, without further coding....