Setting Up Our Environment

Virtual environment

Hypervisor: VirtualBox or VMware

Operating System: Windows 10 or Flare VM

  • Hypervisor - VirtualBox or VMware

  • OS - Windows 7 VM, 32- or 64-bit (64-bit preferable).

    • Flare VM - Windows malware analysis distribution. Comes prepackaged with all the tools we need for malware analysis.

Note: Ensure you disable Windows Update and Windows Defender on your analysis VM.

Security Guidelines

  • Keep your Hypervisor updated.

  • When executing malware, ensure your network configuration is set to host-only.

  • Do not plug any USB devices into the VM.

  • Make sure you download compressed and password-protected samples to avoid accidental execution.

  • Take snapshots!

  • Do not store any valuable data on your analysis VM.

  • Disable shared folders before execution or analysis.
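One way to check the host-only network, USB, shared-folder and snapshot guidelines from the host before executing a sample, as an added example that is not part of the course: a POSIX shell script that audits a VirtualBox VM's settings. It assumes VBoxManage is on the PATH for the live check, and that the key names it greps for (nic1, usb, SharedFolderNameMachineMapping1, SnapshotName) follow the format of `VBoxManage showvminfo --machinereadable`; the two sample configurations are constructed for the demo.

```shell
#!/bin/sh
# Added example (not course material): audit a VirtualBox analysis VM against
# the security guidelines using VBoxManage's machine-readable settings dump.
# Key names are assumed from the `showvminfo --machinereadable` format.

# check_vm_config reads machine-readable VM settings on stdin, prints one
# line per finding, and returns 0 only when every checked guideline is met.
check_vm_config() {
    vmcfg=$(cat)
    vmrc=0

    # Guideline: network must be host-only when executing malware.
    # Any enabled NIC that is not host-only (nat, bridged, intnet, ...) fails.
    badnics=$(printf '%s\n' "$vmcfg" | grep -E '^nic[0-9]+=' \
        | grep -v -E '="(hostonly|none)"' || true)
    if [ -n "$badnics" ]; then
        echo "FAIL network: non host-only adapter(s): $badnics"
        vmrc=1
    fi
    if ! printf '%s\n' "$vmcfg" | grep -q -E '^nic[0-9]+="hostonly"'; then
        echo "FAIL network: no host-only adapter configured"
        vmrc=1
    fi

    # Guideline: no USB devices in the VM, so the USB controller must be off.
    if ! printf '%s\n' "$vmcfg" | grep -q -E '^usb="off"'; then
        echo "FAIL usb: USB controller is enabled"
        vmrc=1
    fi

    # Guideline: shared folders disabled before execution or analysis.
    shares=$(printf '%s\n' "$vmcfg" \
        | grep -E '^SharedFolderNameMachineMapping[0-9]+=' || true)
    if [ -n "$shares" ]; then
        echo "FAIL shared folders: $shares"
        vmrc=1
    fi

    # Guideline: take snapshots, so a clean state exists to revert to.
    if ! printf '%s\n' "$vmcfg" | grep -q -E '^SnapshotName'; then
        echo "FAIL snapshot: no snapshot to revert to"
        vmrc=1
    fi

    if [ "$vmrc" -eq 0 ]; then
        echo "PASS: configuration matches the guidelines"
    fi
    return "$vmrc"
}

# audit_vm checks a live VM by name (requires VBoxManage on the PATH).
audit_vm() {
    VBoxManage showvminfo "$1" --machinereadable | check_vm_config
}

# Constructed sample: NAT networking, USB on, a shared folder, no snapshot.
SAMPLE_UNSAFE='name="flare-analysis"
nic1="nat"
nic2="none"
usb="on"
SharedFolderNameMachineMapping1="samples"
SharedFolderPathMachineMapping1="/home/analyst/samples"'

# Constructed sample: host-only adapter, USB off, no shares, snapshot taken.
SAMPLE_SAFE='name="flare-analysis"
nic1="hostonly"
hostonlyadapter1="vboxnet0"
nic2="none"
usb="off"
SnapshotName="clean-baseline"
SnapshotUUID="00000000-0000-0000-0000-000000000000"
CurrentSnapshotName="clean-baseline"'

echo "== constructed unsafe config =="
printf '%s\n' "$SAMPLE_UNSAFE" | check_vm_config || true
echo "== constructed safe config =="
printf '%s\n' "$SAMPLE_SAFE" | check_vm_config || true
```

Run `audit_vm "<vm name>"` against a real VM before reverting to the snapshot and detonating a sample; a non-zero exit code means at least one guideline is not met. The check is deliberately strict about the network: a NIC set to NAT or bridged is reported even if another adapter is host-only, because a single route out of the VM is enough for a sample to reach the Internet.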

Tools

  • HxD - Hex Editor

  • Exeinfo PE - Retrieves the Windows PE header information. It also detects whether the executable has been packed, which packer version was used, and how to unpack it.

  • Pestudio

  • CFF Explorer
