Practical Malware Analysis Chapter 3 Lab Attempt

To demonstrate a basic understanding of malware analysis theory and exposure to related tools, I created this video. It may help others, too. I'm not claiming to be either purely altruistic or an expert.

The big picture for me is to understand all aspects of malware so I can maximize my effectiveness as a penetration tester. I will be completing the Offensive Security Certified Professional lab machine exploitation in the next month or two and hope to take the test soon.

00:24 Answer 1
12:35 Answer 2
34:55 Answer 3
48:20 Answer 4
Comments
Author

Thank you so much! Even after years I found this channel useful

dynaa
Author

Please provide the notepad file at 47:21. Thanks

AbdulHannan-jwmi
Author

I. BASIC STATIC ANALYSIS

Steps: For the Object

1. Upload to Virustotal.com

2. Run the STRINGS program to find clues to purpose as well as host / network based signatures. Use CMD prompt & send to .txt file

3. Attempt to determine packing – if any – by using PEiD

4. Explore DLL dependencies with Dependency Walker – focus on Imports and their purpose

5. Use RESOURCE HACKER to evaluate all resources. Action -> Save as Binary, then send to PEView for embedded files

II. BASIC DYNAMIC ANALYSIS

Steps: For the Object

1. Upload to malware

2. Prep for dynamic test: Set up Environment w/ tools to monitor malware

   a. REGSHOT: take a shot right before running
   b. PROCMON: Clear log – Start program then launch malware
   c. Process Explorer: open up during prep
   d. ApateDNS: Reroute to the InetSim server
   e. WIRESHARK: start to capture traffic before running malware
   f. Take final snapshot to compare

3. Run Malware: If DLL, use DLL execution techniques (pg 42)

4. Post Execution Evaluation (tools)

   a. PROCESS EXPLORER
      · Look for mutexes (mutant) – look at new processes & active examination window at the bottom of the screen
      · Verify option to check signature
      · View STRINGS of image (vs) strings of memory copy to see if program is different
   b. Look at InetSim logs
   c. ApateDNS: look at URLs or IP Addresses contacted
   d. PROCMON & WIRESHARK: stop programs – check results

jjjww
Author

Hi Andy / all,

Having a problem with Lab03-01. Labs all set up just like you: got a Windows 7 Pro (unpatched) machine with ApateDNS and NC running, INetSIM and Kali running Wireshark.

When I run the malware, I get the following error: "The application was unable to start correctly. Click OK to close the application". Because of this error I don't believe the malware is able to execute properly (the mutex WINVMX32 isn't in System32, nor does it show in Process Explorer, just as shown in the PMA Answers chapter in the book, etc.)

I noticed in your example you didn't get such an error message. What am I doing wrong? Can you help?

stuartslade