Ebook: Learning Malware Analysis: Explore the Concepts, Tools, and Techniques to Analyze and Investigate Windows Malware
Author: K. A Monnappa
- Tags: Computer security, Computer software, Malware (Computer software), Microsoft Windows (Computer file)
- Year: 2018
- Publisher: Packt Publishing Ltd
- City: Birmingham
- Language: English
- Format: mobi
Malware analysis and memory forensics are powerful analysis and investigation techniques used in reverse engineering, digital forensics, and incident response. This book teaches you the concepts, tools, and techniques to determine the behavior and characteristics of malware using malware analysis and memory forensics.

Contents:
Cover
Title Page
Copyright and Credits
Dedication
Packt Upsell
Contributors
Table of Contents
Preface
Chapter 1: Introduction to Malware Analysis
  1. What Is Malware?
  2. What Is Malware Analysis?
  3. Why Malware Analysis?
  4. Types Of Malware Analysis
  5. Setting Up The Lab Environment
    5.1 Lab Requirements
    5.2 Overview Of Lab Architecture
    5.3 Setting Up And Configuring Linux VM
    5.4 Setting Up And Configuring Windows VM
  6. Malware Sources
  Summary
Chapter 2: Static Analysis
  1. Determining the File Type
    1.1 Identifying File Type Using Manual Method
    1.2 Identifying File Type Using Tools
    1.3 Determining File Type Using Python
  2. Fingerprinting the Malware
    2.1 Generating Cryptographic Hash Using Tools
    2.2 Determining Cryptographic Hash in Python
  3. Multiple Anti-Virus Scanning
    3.1 Scanning the Suspect Binary with VirusTotal
    3.2 Querying Hash Values Using VirusTotal Public API
  4. Extracting Strings
    4.1 String Extraction Using Tools
    4.2 Decoding Obfuscated Strings Using FLOSS
  5. Determining File Obfuscation
    5.1 Packers and Cryptors
    5.2 Detecting File Obfuscation Using Exeinfo PE
  6. Inspecting PE Header Information
    6.1 Inspecting File Dependencies and Imports
    6.2 Inspecting Exports
    6.3 Examining PE Section Table And Sections
    6.4 Examining the Compilation Timestamp
    6.5 Examining PE Resources
  7. Comparing And Classifying The Malware
    7.1 Classifying Malware Using Fuzzy Hashing
    7.2 Classifying Malware Using Import Hash
    7.3 Classifying Malware Using Section Hash
    7.4 Classifying Malware Using YARA
      7.4.1 Installing YARA
      7.4.2 YARA Rule Basics
      7.4.3 Running YARA
      7.4.4 Applications of YARA
  Summary
Chapter 3: Dynamic Analysis
  1. Lab Environment Overview
  2. System And Network Monitoring.
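As an added worked example (this is not code from the book or its author), the following pure-Python script performs several of the Chapter 2 static-analysis steps the contents list names: file type identification from magic bytes and the MZ/PE headers (1.3), cryptographic fingerprinting (2.2), walking the PE section table (6.3), reading the compilation timestamp (6.4) and computing per-section hashes (7.3). It parses a minimal PE32+ image that is constructed inline, so it runs offline; the sample has no import table, so import hashing and fuzzy hashing (which needs the ssdeep library) are deliberately left out.

```python
"""Static triage of a Windows PE in pure Python (added example, not the book's code).

Covers: file type by magic bytes, cryptographic hashes, PE section table,
compile timestamp and per-section hashes. Import hash and fuzzy hashing
are not implemented; the sample PE below is constructed inline so the
script runs offline.
"""
import hashlib
import struct
from datetime import datetime, timezone


def identify_file_type(data: bytes) -> str:
    """Classify a blob by its magic bytes; for MZ files, follow e_lfanew to the PE header."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return "MZ (DOS executable, no PE header)"
        if len(data) < e_lfanew + 26:
            return "PE (truncated optional header)"
        magic = struct.unpack_from("<H", data, e_lfanew + 24)[0]  # first optional-header field
        return {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, "PE (unknown optional header magic)")
    if data[:4] == b"\x7fELF":
        return "ELF"
    if data[:4] == b"%PDF":
        return "PDF"
    if data[:2] == b"PK":
        return "ZIP container (docx/xlsx/jar/apk are also ZIPs)"
    return "unknown"


def fingerprint(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the whole file, as used for VirusTotal lookups and IOC sharing."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> COFF header -> section table; hash each section's raw bytes."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _symtab, _nsyms, opt_size, characteristics = struct.unpack_from(
        "<HHIIIHH", data, coff)
    section_table = coff + 20 + opt_size  # section headers follow the optional header
    sections = []
    for i in range(nsections):
        off = section_table + 40 * i
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, off)
        raw = data[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "raw_offset": raw_ptr,
            "raw_size": raw_size,
            "md5": hashlib.md5(raw).hexdigest(),  # section hash, for clustering related samples
        })
    return {
        "machine": machine,
        "characteristics": characteristics,
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "sections": sections,
    }


def _build_sample_pe() -> bytes:
    """Constructed minimal PE32+ (two sections, no imports): just enough headers for the parser."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header right after the DOS header
    text = b"\x48\x31\xc0\xc3".ljust(16, b"\xcc")  # xor rax,rax ; ret ; int3 padding
    rdata = b"hello from .data".ljust(16, b"\0")
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 1514764800, 0, 0, 24, 0x22)  # AMD64, 2 sections, 2018-01-01
    opt = struct.pack("<HBBIIIII", 0x20B, 14, 0, len(text), len(rdata), 0, 0x1000, 0x1000)
    raw_base = 64 + 4 + 20 + len(opt) + 40 * 2  # file offset of the first section's raw data
    sec = "<8sIIIIIIHHI"
    s1 = struct.pack(sec, b".text", len(text), 0x1000, len(text), raw_base, 0, 0, 0, 0, 0x60000020)
    s2 = struct.pack(sec, b".data", len(rdata), 0x2000, len(rdata), raw_base + len(text), 0, 0, 0, 0, 0xC0000040)
    return bytes(dos) + b"PE\0\0" + coff + opt + s1 + s2 + text + rdata


SAMPLE_PE = _build_sample_pe()

if __name__ == "__main__":
    print("type:", identify_file_type(SAMPLE_PE))
    for algo, digest in fingerprint(SAMPLE_PE).items():
        print(f"{algo}: {digest}")
    info = parse_pe(SAMPLE_PE)
    print(f"machine: {info['machine']:#x}  compiled: {info['compile_time']}")
    for s in info["sections"]:
        print(f"  {s['name']:<8} va={s['virtual_address']:#08x} "
              f"raw={s['raw_offset']:#x}+{s['raw_size']:#x} md5={s['md5']}")
```

Run it against a real sample by replacing SAMPLE_PE with the file's bytes; note that a compile timestamp is attacker-controlled and is only a hint, and that a packed sample will typically show a tiny code section plus one large high-entropy section, which is the point of the obfuscation checks in section 5 of the contents.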