Question

In: Computer Science


Research methodologies and tools to set up a safe environment to analyze malware as well as methods to test exploits. Minimum 3 pages for basic analysis:

1. Basic static techniques
2. Malware analysis in virtual machines
3. Basic dynamic analysis

Research methodologies and tools to set up a safe environment to analyze malware as well as methods to test exploits. Minimum 3 pages for advanced static analysis:

1. Analyzing malicious Windows programs

Research methodologies and tools to set up a safe environment to analyze malware as well as methods to test exploits. Minimum 3 pages for anti-reverse-engineering:

1. Anti-disassembly
2. Anti-debugging
3. Packers and unpacking

Solutions

Expert Solution

Static Analysis: the software/piece of code is analyzed without executing it.

Techniques/Methods:

1. File Format Inspection: the file header, its extension, and the blank spaces in the file are inspected.
2. Fingerprinting: document fingerprinting maps sensitive data such as a file or document into a unique shorter string. These strings protect the confidential information of the files.
3. String Extraction: strings embedded in the file can help to detect a suspicious binary's presence; for example, a filename created by the malware could be saved in the strings.
4. AV scanning: Anti-Virus scans the system to detect malicious code.
5. Disassembly: reads a binary file and separates its data types and code.

Tools:

1. Debugger: traces the errors in the targeted system.
2. Code analyzers: review, test and analyze the source code and generate reports.
3. Disassembler: translates machine language into assembly language.
4. Decompiler: recompiles an input file as a high-level source file.
5. Source: open-source platform wherein licensed software is released which could be used by developers.

Dynamic Analysis: the functionality of the software and its behavior are analyzed by executing the software. The code contained in the software program is analyzed by tracing each instruction in the program, the control flow, the parameters, variables and function calls.

Methods/Techniques:

1. Information Flow Tracking: tracks all the information flow in the machine by tracing all the implicit and explicit data transfer flows.
2. Function Call Monitoring: hooking is the process of capturing function calls. Any call to a function invokes a hook function which examines the input, output and intermediary function calls.
3. URLs accessed: the redirection to another web resource.
4. File creation and files accessed.

Tools:

1. Sandbox: separates the running programs from the platform/system to mitigate vulnerability and failure.
2. Simulator: predicts the output/behavior of the real world or an actual physical system.
3. Emulators.
4. RegShot: open-source portable registry comparison tool.
5. Process Explorer: freeware task manager and system monitor.

Malware analysis in virtual machines: a simulated environment which is a replica of the real system is created, upon which the malware is executed and the behaviour of the malware is analyzed; how it would have affected the real system is predicted without damaging the actual real system.

Techniques:

1. Creating the VM.
2. Selecting the OS type.
3. Allocating RAM memory.
4. Creating a virtual hard disk.
5. Allocating storage space to the hard disk.
6. Installing the virtual operating system to run the VM.
7. Capturing a VM snapshot.

Tools:

1. Windows virtual machine: debug malware without infecting the host system.
2. FLARE VM: open-source Windows-based VM malware software.

Analyzing malicious Windows programs

Techniques: analyzing the following:

1. Windows API
2. File system functions
3. Special files
4. Windows Registry
5. Root keys
6. Networking APIs
7. DLLs (Dynamic Link Libraries)

Tools:

1. Cuckoo Sandbox: an open-source framework that automates malicious file analysis for Windows and OS X.
2. Detect-It-Easy: determines file types.
3. MASTIFF static analysis framework: conducts a few examinations utilizing run-time conduct and many highlights from a file.
4. MultiScanner: modular file scanning/analysis with machine learning.

Anti-disassembly techniques:

1. API obfuscation
2. Opcode/assembly code obfuscation
3. Junk/spaghetti code
4. Control flow graph flattening

Tools (Windows API):

1. CloseHandle/NtClose
2. FindWindow
3. NtGlobalFlag

Anti-debugging techniques:

1. PEB.BeingDebugged flag
2. DebugPort: CheckRemoteDebuggerPresent()
3. Debugger interrupts
4. Heap Flags and ForceFlags
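As an added example, not part of the question or of the expert's answer: a small Python script that applies the basic static techniques the answer names (file format inspection of the PE header and section table, string extraction, and an entropy heuristic for packed sections) to a constructed, non-functional PE image built inside the script. The entropy threshold of 7.0 and the IOC-style string filter are assumptions of this example, not values from the page.

```python
import math
import random
import re
import struct
from collections import Counter

def extract_strings(data: bytes, min_len: int = 6) -> list:
    """String extraction: printable-ASCII runs of at least min_len bytes, like strings(1)."""
    return [m.group().decode("ascii") for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 0 for constant data, near 8 for random; packed/encrypted sections sit above 7."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if data else 0.0

def parse_pe_sections(data: bytes) -> list:
    """File-format inspection: DOS header -> PE signature -> COFF header -> 40-byte section headers."""
    if data[:2] != b"MZ" or len(data) < 0x40:
        raise ValueError("no DOS header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)  # COFF header
    sections = []
    for i in range(nsec):
        name, _, _, rsize, rptr, *_, chars = struct.unpack_from("<8sIIIIIIHHI", data, pe_off + 24 + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii"), "raw_size": rsize,
                         "entropy": round(shannon_entropy(data[rptr:rptr + rsize]), 2),
                         "w+x": bool(chars & 0x80000000 and chars & 0x20000000)})  # IMAGE_SCN_MEM_WRITE and _EXECUTE
    return sections

def triage(data: bytes) -> dict:
    """Flag packed-looking (entropy > 7) or writable+executable sections and IOC-like strings (assumed heuristics)."""
    sections = parse_pe_sections(data)
    return {"sections": sections,
            "suspicious_sections": [s["name"] for s in sections if s["entropy"] > 7.0 or s["w+x"]],
            "strings_of_interest": [s for s in extract_strings(data) if re.search(r"https?://|[A-Za-z]:\\", s)]}

def build_sample_pe() -> bytes:
    """Constructed, non-runnable PE (not real malware): a plain .text section with two strings, plus a random-filled UPX1-style section marked W+X."""
    text = (b"\x55\x8b\xec" * 200 + b"C:\\Users\\Public\\dropper.exe\0"
            + b"http://example.invalid/stage2\0").ljust(1024, b"\0")
    packed = bytes(random.Random(7).choices(range(256), k=2048))  # fixed seed keeps the sample deterministic
    opt = bytes(224)  # zeroed PE32 optional header; only its size matters to the parser
    sec = lambda name, va, size, ptr, chars: struct.pack("<8sIIIIIIHHI", name, size, va, size, ptr, 0, 0, 0, 0, chars)
    hdr = (b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # DOS header with e_lfanew = 0x40
           + b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, len(opt), 0x102) + opt
           + sec(b".text", 0x1000, len(text), 512, 0x60000020)
           + sec(b"UPX1", 0x2000, len(packed), 512 + len(text), 0xE0000040))
    return hdr.ljust(512, b"\0") + text + packed
```

Running `triage(build_sample_pe())` reports UPX1 as the only suspicious section (high entropy and W+X) and lists the path and URL strings, which is the same first-pass picture an analyst gets from a file-format inspector plus strings on a real sample.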
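Also added here, not from the page: a defender-side scanner that looks for the anti-debugging checks the answer lists (PEB reads used for BeingDebugged, NtGlobalFlag and the heap flags, the int 2Dh debugger interrupt, and API names such as CheckRemoteDebuggerPresent and FindWindow) in a byte blob constructed inside the script. The opcode patterns are common encodings, not the only ones, so hits are triage leads for an analyst, not proof.

```python
import re

# Byte patterns that commonly implement the anti-debugging checks listed in the answer
# (x86/x64 encodings chosen for this example); reported offsets are offsets into the scanned data.
ANTI_DEBUG_PATTERNS = {
    b"\x64\xa1\x30\x00\x00\x00": "mov eax, fs:[30h] (x86 PEB read: BeingDebugged, NtGlobalFlag, heap flags)",
    b"\x64\xa1\x18\x00\x00\x00": "mov eax, fs:[18h] (x86 TEB read, the usual first step to the PEB)",
    b"\x65\x48\x8b\x04\x25\x60\x00\x00\x00": "mov rax, gs:[60h] (x64 PEB read)",
    b"\xcd\x2d": "int 2Dh (debugger interrupt check)",
}
# API names whose presence among a file's strings or imports suggests debugger detection.
# FindWindow also matches the FindWindowA/FindWindowW variants.
ANTI_DEBUG_APIS = [b"IsDebuggerPresent", b"CheckRemoteDebuggerPresent", b"NtQueryInformationProcess", b"FindWindow"]

def scan_anti_debug(data: bytes) -> list:
    """Return (offset, label) pairs, sorted by offset, for every pattern and API name found in data."""
    hits = []
    for pattern, label in ANTI_DEBUG_PATTERNS.items():
        hits += [(m.start(), label) for m in re.finditer(re.escape(pattern), data)]
    for api in ANTI_DEBUG_APIS:
        hits += [(m.start(), "API name " + api.decode()) for m in re.finditer(re.escape(api), data)]
    return sorted(hits)

def build_sample_code() -> bytes:
    """Constructed byte blob (not real malware): nops, a textbook PEB.BeingDebugged check, then an API string."""
    check = (b"\x64\xa1\x30\x00\x00\x00"  # mov eax, fs:[30h]        ; PEB
             b"\x0f\xb6\x40\x02"          # movzx eax, byte [eax+2]  ; PEB.BeingDebugged
             b"\x85\xc0"                  # test eax, eax
             b"\x75\x05")                 # jnz short +5
    return b"\x90" * 16 + check + b"\x90" * 8 + b"CheckRemoteDebuggerPresent\0"
```

Each hit is a place to set a breakpoint or read the surrounding disassembly; the int 2Dh and single-byte patterns in particular can occur in ordinary data, so confirm them in context.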
