A comparison of tools for malware analysis
Tiziana Spata
Università degli Studi di Catania
Dipartimento di Matematica e Informatica
Malware is everywhere...
Malware Analysis
Two goals:
• Program understanding
• Preventing malware attacks
Two approaches:
• Static Analysis
• Dynamic Analysis
Static Analysis
It’s performed without executing the
program:
• Disassemble the malware
• Control flow or data flow analysis:
both provide a great deal of information
on how the malware functions
IDA Pro
The Interactive Disassembler Professional
is a product of Hex-Rays.
It’s a recursive descent disassembler: instead of decoding bytes sequentially, it follows control flow from the entry point and treats each instruction class according to where execution can continue next:
• Sequential Flow Instructions
• Conditional Branching Instructions
• Unconditional Branching Instructions
• Function Call Instructions
• Return Instructions
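To show why those five instruction classes matter, here is a small recursive descent disassembler for a hypothetical 8-bit instruction set, placed beside a linear sweep over the same bytes. This is an added example, not code from the slides or from IDA Pro; the instruction set, opcodes and sample program are all constructed for the illustration. The sample program hides junk bytes after an unconditional jump: linear sweep decodes them as instructions and drifts out of alignment, while recursive descent never visits them because no control flow leads there.

```python
"""Recursive descent vs. linear sweep on a hypothetical 8-bit ISA (constructed example)."""
from collections import namedtuple

Insn = namedtuple("Insn", "addr mnemonic length operand category")

# Hypothetical instruction set used only for this illustration (not a real architecture).
# opcode -> (mnemonic, length in bytes, control-flow category)
OPCODES = {
    0x00: ("NOP",  1, "sequential"),
    0x01: ("JMP",  2, "unconditional"),   # rel8 target, no fall-through
    0x02: ("JZ",   2, "conditional"),     # rel8 target and fall-through
    0x03: ("CALL", 2, "call"),            # rel8 target and return address
    0x04: ("RET",  1, "return"),          # no successors
    0x05: ("MOV",  2, "sequential"),      # imm8 operand
}


def decode(code, pc):
    """Decode one instruction at pc; unknown bytes become a 1-byte DB pseudo-op."""
    op = code[pc]
    if op not in OPCODES or (OPCODES[op][1] == 2 and pc + 1 >= len(code)):
        return Insn(pc, "DB", 1, op, "invalid")
    mnem, length, cat = OPCODES[op]
    operand = None
    if length == 2:
        b = code[pc + 1]
        # Branch displacements are signed; immediates are kept raw.
        operand = b if cat == "sequential" else (b - 256 if b >= 128 else b)
    return Insn(pc, mnem, length, operand, cat)


def target(insn):
    """Branch target: displacement is relative to the end of the instruction."""
    return insn.addr + insn.length + insn.operand


def recursive_descent(code, entry=0):
    """Follow control flow from entry; only reachable bytes are decoded."""
    insns = {}
    worklist = [entry]
    while worklist:
        pc = worklist.pop()
        if pc in insns or not 0 <= pc < len(code):
            continue
        insn = decode(code, pc)
        insns[pc] = insn
        fall_through = pc + insn.length
        if insn.category == "sequential":
            worklist.append(fall_through)
        elif insn.category == "conditional":
            worklist += [fall_through, target(insn)]
        elif insn.category == "unconditional":
            worklist.append(target(insn))      # bytes after the JMP are not implied code
        elif insn.category == "call":
            worklist += [fall_through, target(insn)]
        # "return" and "invalid": nothing follows
    return insns


def linear_sweep(code):
    """Decode every byte in order, assuming each instruction ends where the next starts."""
    insns = {}
    pc = 0
    while pc < len(code):
        insn = decode(code, pc)
        insns[pc] = insn
        pc += insn.length
    return insns


# Constructed sample: three junk 0x05 bytes sit after the JMP at 0x02.
PROGRAM = bytes([
    0x05, 0x2A,        # 00: MOV 0x2A
    0x01, 0x03,        # 02: JMP +3  -> 07
    0x05, 0x05, 0x05,  # 04: junk, never executed
    0x02, 0x02,        # 07: JZ +2   -> 0B, falls through to 09
    0x03, 0x03,        # 09: CALL +3 -> 0E, returns to 0B
    0x04,              # 0B: RET
    0xFF, 0xFF,        # 0C: data, unreachable
    0x00,              # 0E: NOP
    0x04,              # 0F: RET
])


def listing(insns):
    """Render a decoded map as text lines sorted by address."""
    return [f"{i.addr:02X}: {i.mnemonic} {'' if i.operand is None else i.operand}".rstrip()
            for i in sorted(insns.values())]


if __name__ == "__main__":
    print("recursive descent:", *listing(recursive_descent(PROGRAM)), sep="\n  ")
    print("linear sweep:", *listing(linear_sweep(PROGRAM)), sep="\n  ")
```

Linear sweep pairs the last junk byte at 0x06 with the real JZ opcode at 0x07, so every instruction from 0x06 to 0x0B is decoded at the wrong offset; recursive descent decodes exactly the seven reachable instructions. The same mechanism is why a real disassembler needs a hint, or an analyst, for code that is only reached through indirect jumps or computed addresses, which the worklist cannot follow.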
Dynamic Analysis
It’s performed by executing the program in a real or
virtual environment.
• Black Box Analysis: "what you see is all you get"
• White Box Analysis: the program’s internals (code paths, memory,
API calls) are observed while it runs; it’s different from Static Analysis!
Wireshark
It’s a free and open-source packet analyzer.
Most network interfaces can be put in
“promiscuous mode”, in which they pass
to the host every packet they see, not only
those addressed to it.
oSpy
It’s a packet sniffing tool which aids in
reverse-engineering software running on
the Windows platform.
The sniffing is done at the API level,
which gives a much more fine-grained
view of what’s going on.
Process Monitor
It’s an advanced monitoring tool for Windows
that shows real-time file system, registry and
process/thread activity.
Process Monitor includes powerful monitoring
and filtering capabilities:
• File System
• Registry
• Process
• Network
• Profiling
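The slide lists Process Monitor’s event classes and filters; the usual next step is to export the capture and search it for the behaviour that matters, here persistence. The script below is an added example, not part of the slides or of Process Monitor: it parses a constructed CSV in the column layout of a ProcMon "Save as CSV" export (assumed layout; check the header row of your own export), reproduces the toolbar-style class filters, and flags a Run-key write plus a file that the same process wrote and then executed. The operation-name prefixes used to classify events are assumptions for this illustration.

```python
"""Triage a Process Monitor CSV export for persistence indicators (constructed example)."""
import csv
import io

# Constructed sample in the assumed layout of a ProcMon CSV export.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1234567","sample.exe","1234","CreateFile","C:\Users\lab\AppData\Roaming\svc.exe","SUCCESS","Desired Access: Generic Write, Disposition: Create"
"10:01:02.2345678","sample.exe","1234","WriteFile","C:\Users\lab\AppData\Roaming\svc.exe","SUCCESS","Offset: 0, Length: 4,096"
"10:01:02.3456789","sample.exe","1234","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc","SUCCESS","Type: REG_SZ, Length: 82, Data: C:\Users\lab\AppData\Roaming\svc.exe"
"10:01:02.4567890","sample.exe","1234","Process Create","C:\Users\lab\AppData\Roaming\svc.exe","SUCCESS","PID: 2345, Command line: C:\Users\lab\AppData\Roaming\svc.exe"
"10:01:02.5678901","explorer.exe","800","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:01:02.6789012","sample.exe","1234","TCP Connect","lab-vm:49152 -> 203.0.113.10:443","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"10:01:02.7890123","sample.exe","1234","RegQueryValue","HKLM\SYSTEM\CurrentControlSet\Services\svc\Start","NAME NOT FOUND","Length: 4"
'''


def parse_procmon_csv(text):
    """Parse the export into a list of dict rows keyed by the header names."""
    return list(csv.DictReader(io.StringIO(text)))


# Event classes matching ProcMon's toolbar filters; the operation prefixes are assumed.
CLASSES = {
    "registry": ("Reg",),
    "file": ("CreateFile", "ReadFile", "WriteFile", "CloseFile",
             "SetDispositionInformationFile"),
    "process": ("Process ", "Thread ", "Load Image"),
    "network": ("TCP ", "UDP "),
}


def event_class(row):
    """Map an Operation name to one of the class filters, or 'other'."""
    op = row["Operation"]
    for name, prefixes in CLASSES.items():
        if op.startswith(prefixes):
            return name
    return "other"


def filter_events(rows, process_name=None, event_cls=None, path_contains=None):
    """Equivalent of stacking ProcMon filter rules: every given condition must match."""
    out = []
    for r in rows:
        if process_name and r["Process Name"].lower() != process_name.lower():
            continue
        if event_cls and event_class(r) != event_cls:
            continue
        if path_contains and path_contains.lower() not in r["Path"].lower():
            continue
        out.append(r)
    return out


def count_by_class(rows, process_name):
    """How much of each activity class one process generated."""
    counts = {}
    for r in filter_events(rows, process_name=process_name):
        c = event_class(r)
        counts[c] = counts.get(c, 0) + 1
    return counts


RUN_KEYS = (r"\currentversion\run",)   # also matches RunOnce


def find_persistence(rows):
    """Flag successful Run-key writes and files a process wrote and then executed."""
    findings = []
    written = set()   # (pid, lowercased path) written by that process
    for r in rows:
        path, op, pid = r["Path"], r["Operation"], r["PID"]
        low = path.lower()
        if op == "RegSetValue" and r["Result"] == "SUCCESS" and any(k in low for k in RUN_KEYS):
            findings.append(("run_key_write", path))
        elif op == "WriteFile" and r["Result"] == "SUCCESS":
            written.add((pid, low))
        elif op == "Process Create" and (pid, low) in written:
            findings.append(("dropped_and_executed", path))
    return findings


if __name__ == "__main__":
    events = parse_procmon_csv(SAMPLE_CSV)
    print(count_by_class(events, "sample.exe"))
    for kind, path in find_persistence(events):
        print(f"{kind}: {path}")
```

The dropped-and-executed rule keys on PID rather than process name so that two instances of the same binary are not conflated; the cost is that a PID reused later in a long capture could produce a false match, so on real exports add the process start time to the key.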
OllyDbg
It’s a debugger that traces registers,
recognizes procedures, API calls…
It has a friendly interface, and its
functionality can be extended by third
party plugins.
Conclusions
A good analysis of malware can be made
thanks to the combination of several tools
that implement techniques of static and
dynamic analysis.
Thanks for your attention!