Malware Hunt: Demystifying the Invisible Threats

Module 2/3: Static Analysis: Demystifying the Code of Malware

In the first module, we used a dynamic analysis approach which involves observing the behaviour of a malware sample in a controlled environment, commonly referred to as a sandbox or virtual machine. During dynamic analysis, the malware is executed, and its actions are monitored and recorded. This approach allows one to observe the malware’s behaviour in real-time and gather valuable information about its capabilities, such as process disguising, persistence mechanisms, communication with command and control servers, and downloading additional modules.

Limitations of Dynamic Analysis:
Some malware can detect that it’s being analysed and may behave differently or not execute at all. The analysis environment might not perfectly replicate a real user’s system, leading to potential differences in behaviour.

Static Analysis (Code Analysis):
Static analysis involves examining the malware’s code and characteristics without executing it. This typically involves reverse engineering the code, disassembling it, and studying its structure to understand its functionality and inner workings. Static (code) Analysis helps us to uncover the below details:

• Hidden behaviour discovery: Static analysis can reveal hidden or encrypted parts of the malware that might not be evident during dynamic analysis.
• In-depth understanding: By examining the code, we can gain a deeper understanding of the malware’s inner workings, for example;
  • Process Injection: Techniques used to run malware inside a process
  • Network Protocol Analysis: Understanding and decoding Command and Control packets format.

Course instructor: Saurabh Sharma, Kaspersky

About the instructor: Saurabh Sharma is a senior security researcher at the Global Research and Analysis Team (GReAT) in Kaspersky. He contributes to the GReAT team’s mission by helping to investigate the most active and advanced threat actors, targeted attacks, attacker tools, and more. Saurabh’s professional passions include reverse engineering malware, as well as uncovering, tracking, and analyzing APT campaigns, and providing technical reports. Saurabh has previously spoken at various international infosec conferences in India and abroad.

This module will have pre-requisites from Module 1 and other tools/techniques as communicated during Module 1/3.

Registration is required to attend. It is a free course (courtesy: Kaspersky Academic initiative)