Malware Analysis Walkthroughs

So far we've been learning about the system that malware attacks, namely the hardware and core Windows tools. But now we'll get into the cool part of analyzing malware samples.

There are various types of malware which we can choose to analyze. Here are some of the most common types of malware:

  • Virus/Worms: Code that infects other software on the victim machine and spreads throughout the system. The difference between viruses and worms is that viruses usually require users to execute them, whereas worms can self-replicate on their own. There are plenty of examples of these, including Stuxnet, WannaCry, and ILOVEYOU; they all spread rapidly across countries and organizations, causing billions in damage.

  • Trojan: Malware that masquerades as legitimate software but has malicious functions. A recent example is the Emotet banking trojan, which spreads through email attachments and proceeds to download other types of malware upon execution.

  • Rootkit: Rootkits are made to gain admin-level control of a victim machine, as we saw in the Windows Internals section. This helps them potentially evade detection and establish persistence. A cool example of this is the Sony rootkit (yes, that Sony), which the company made to prevent copyright infringement. But it was so poorly made that it allowed other malware to hide as well.

  • Keylogger: As the name implies, this malware records keystrokes, potentially giving attackers usernames and passwords (and your late-night proclivities). An example of this is AgentTesla, which can capture keystrokes, clipboard data (stuff that you copy-paste), and screenshots.

  • Spyware: Self-explanatory; it gathers information on the victim and sends it to the attacker. An example of this is the Pegasus spyware, which was developed by the NSO Group and can infect both iOS and Android devices. The terrifying part is that it does not require the user to execute it.

As much as we'd like to learn malware analysis like Neo learned jujitsu, let's begin with simple ones without fancy features like obfuscation and polymorphism.
