In this short course we cover the main stages of malware analysis: static analysis (hash and string analysis, the Portable Executable header, packed samples, online scanners and YARA rules), dynamic analysis with Process Explorer, and finally reverse engineering a sample with Ghidra.

FREE Short Malware Analysis Course

Please watch the video at the bottom for full detailed explanation of the walkthrough.

Course Contents

  • Intro to static malware analysis
  • String and hash analysis
  • Portable executable analysis
  • Analyzing packers
  • Malware analysis with YARA rules
  • Intro to dynamic malware analysis
  • Dynamic malware analysis with process explorer
  • Reverse engineering with Ghidra

Who is this course for?

This course is ideal for individuals new to cybersecurity or malware analysis who want to gain a foundational understanding of the subject. It’s suitable for students, IT professionals looking to broaden their skillset, or anyone curious about how malware is analyzed.

What will I learn or gain from this course?

By the end of this course, you should have a basic understanding of:

* What malware analysis is and its importance.

* The core methodologies of static and dynamic malware analysis.

* Some of the common tools used by malware analysts.

* How to approach the analysis of a malware sample through a practical example.

What tools will be discussed or used in the course?

The course mentions several tools, including PEStudio, PEBear, Process Explorer, Process Hacker, Process Monitor, Regshot, Wireshark, YARA, Ghidra, and the debuggers x64dbg/x32dbg.

Is there a practical component to the course?

Yes. The course outline includes a “Practical Example (Analyzing a Real Malware Sample)”, a hands-on walkthrough of the analysis of one sample.

Intro to malware analysis

Whether you are learning or already doing malware analysis, the lab needs one capability above all: saving the state of a machine (a snapshot) and reverting to it whenever required. The machine is prepared with all the analysis tools installed and its state is saved. After a sample has been analyzed, the machine is restored to that clean, tools-installed state. Each sample is therefore analyzed in an otherwise clean environment, and whatever it changed is discarded when the machine is reverted.

Following these steps ensures that your VM is not contaminated with remnants of previous samples when you analyze a new one, and that you do not have to reinstall your tools for every analysis. Take the snapshot before any sample touches the machine, and keep shared folders, clipboard sharing and the network path to the host disabled (or restricted to an isolated host-only network) so that a running sample cannot reach anything outside the VM.

1.  Create a fresh Virtual Machine with a new OS install
2.  Set up the machine by installing all the required analysis tools
3.  Take a snapshot of the machine
4.  Copy/download malware samples into the VM and analyze them
5.  Revert the machine to the snapshot after the analysis completes
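The snapshot cycle above, scripted for a VirtualBox lab with the VBoxManage command line. This is an added example and not part of the course; the VM name `malware-lab` and the snapshot name `clean-tools` are assumed placeholders, and with `DRY_RUN=1` the script only prints the commands it would run, so the plan can be reviewed (or checked without VirtualBox installed) before anything is executed.

```shell
#!/bin/sh
# Snapshot-based analysis cycle for a VirtualBox malware lab (added example).
# VM_NAME and SNAPSHOT are hypothetical placeholders; set them for your own lab.
# With DRY_RUN=1 the VBoxManage commands are printed instead of executed.

VM_NAME="${VM_NAME:-malware-lab}"      # hypothetical VM name
SNAPSHOT="${SNAPSHOT:-clean-tools}"     # hypothetical snapshot name
DRY_RUN="${DRY_RUN:-0}"

# Run a VBoxManage command, or print it in dry-run mode.
vbox() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'VBoxManage %s\n' "$*"
        return 0
    fi
    command -v VBoxManage >/dev/null 2>&1 || {
        echo "VBoxManage not found; install VirtualBox or use DRY_RUN=1" >&2
        return 1
    }
    VBoxManage "$@"
}

# Step 3: after the OS and all tools are installed (and before any sample
# is copied in), freeze the machine state under a well-known snapshot name.
take_clean_snapshot() {
    vbox snapshot "$VM_NAME" take "$SNAPSHOT" \
        --description "OS + analysis tools installed, no samples"
}

# Step 4: start the machine for an analysis session. The sample is brought
# in by the analyst (for example via an ISO), not by this script.
start_session() {
    vbox startvm "$VM_NAME" --type gui
}

# Step 5: hard power-off (do not shut down cleanly, the sample may hook that)
# and restore the clean snapshot, discarding everything the sample changed.
revert_to_clean() {
    vbox controlvm "$VM_NAME" poweroff || true   # already off is fine
    vbox snapshot "$VM_NAME" restore "$SNAPSHOT"
}

# Print the full cycle as a command list for review, without executing it.
analysis_cycle_plan() {
    (
        DRY_RUN=1
        take_clean_snapshot
        start_session
        revert_to_clean
    )
}
```

Typical use is to run `take_clean_snapshot` once, then `start_session` and `revert_to_clean` around every sample; `analysis_cycle_plan` shows the four VBoxManage calls involved. `controlvm poweroff` rather than `acpipowerbutton` is deliberate: a clean shutdown gives the sample a chance to run shutdown handlers, while a hard power-off followed by the snapshot restore simply throws the modified disk and memory state away.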

Full Video Course

Where can I find more resources or advanced courses after this one?

The motasem-notes.net website lists other courses and study guides related to cybersecurity, which you might find useful for further learning. You can explore the “Courses” or other relevant sections on the site.

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by Motasem Hamdan, a cybersecurity content creator and YouTuber.
