Malware Analysis Fundamentals - Files | Tools€¦ · Malware Analysis Fundamentals - Files | Tools...

Preview:

Click to see full reader

Citation preview

Malware Analysis Fundamentals - Files | ToolsMay 26, 2020

Marc Ochsenmeier

@ochsenmeier

www.winitor.com

Malware Analysis Fundamentals - Files | Tools

@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020

2

Handling generic|unknown File

Malware Analysis Fundamentals - Files | Tools

@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020

3

Handling email File

Malware Analysis Fundamentals - Files | Tools

@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020

4

Handling RTF File

Malware Analysis Fundamentals - Files | Tools

@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020

5

Handling PDF file

Malware Analysis Fundamentals - Files | Tools

@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020

6

Handling LNK File

Malware Analysis Fundamentals - Files | Tools

@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020

7

Handling MS Office 97-2003 File

doc, xls, xlsm, xlsb, ppt, msg files

(I) xls, xlsm, xlsb files

Malware Analysis Fundamentals - Files | Tools

@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020

8

Handling protected MS Office 97-2003 File

doc, xls, xlsm, xlsb, ppt, msg files

(I) xls, xlsm, xlsb files

Malware Analysis Fundamentals - Files | Tools

@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020

9

Handling MS Office 2007+ File

docx, xlsx, xlsb, xlsm, pptx files

(I) xls, xlsm, xlsb files

Malware Analysis Fundamentals - Files | Tools

@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020

10

Handling protected MS Office 2007+ File

docx, xlsx, xlsb, xlsm, pptx files

(I) xls, xlsm, xlsb files

Malware Analysis Fundamentals - Files | Tools

@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020

11

Handling MSI File

Malware Analysis Fundamentals - Files | Tools

@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020

12

Handling Executable File

Malware Analysis Fundamentals - Files | Tools

@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020

13

Handling AutoIt Executable File

Malware Analysis Fundamentals - Files | Tools

@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020

14

Handling Certificate File

Malware Analysis Fundamentals - Files | Tools

@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020

15

Handling Cab File

Malware Analysis Fundamentals - Files | Tools

@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020

16

Handling Microsoft Office Files

Malware Analysis Fundamentals - Files | Tools

@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020

17

Handling miscellaneous Files

Malware Analysis Fundamentals - Files | Tools

@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020

18

• Oletoolshttps://github.com/decalage2/oletools

• Didier Stevenshttps://blog.didierstevens.com/didier-stevens-suite/

• Analyzing Malicious Documents Cheat Sheethttps://zeltser.com/media/docs/analyzing-malicious-document-files.pdf

• Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros) https://github.com/DissectMalware/XLMMacroDeobfuscator

• AutoIT Extractorhttps://gitlab.com/x0r19x91/autoit-extractor

• uncompyle2https://github.com/wibiti/uncompyle2

• LECmdhttps://f001.backblazeb2.com/file/EricZimmermanTools/LECmd.zip

More Information

Recommended

Intrusion Detection and Malware Analysis - Malware collection134.2.173.140/lehre/ws10/ids-malware/12-malware-collection.pdf · Intrusion Detection and Malware Analysis Malware collection
Documents
Evaluating Open Source Malware Sandboxes with Linux malware
Documents
MALWARES MALWARE REVIEWED ISE DE Malware Reviewed · MALWARES There are public reports about spreading of malware named as ServHelper malware. It is a backdoor malware used by attacker
Documents
Ch 12: Covert Malware Launching - samsclass.info · Practical Malware Analysis Ch 12: Covert Malware Launching Last revised: 4-10-17. Hiding Malware • Malware used to be visible
Documents
Malware - courses.cs.washington.edu · 2015. 5. 15. · Malware • Malicious’code’often’masquerades’as’good’ software’or’attaches’itself’to’good’software’
Documents
Windows Alternate Data Streams (ADS) · May 8, 2020 @ochsenmeier Marc Ochsenmeier Windows Alternate Data Streams (ADS)
Documents
Threat Bulletin Fileless Malware The Stealth Attacker · Threat Bulletin See. Control. Secure. Fileless Malware - The Stealth Attacker Fileless malware (FM), aka “non-malware”,
Documents
Malware Analysis and Antivirus Technologies: Kernel Malware & A Look at Malware … · 2011-08-16 · Malware Analysis and Antivirus Technologies: Kernel Malware & A Look at Malware
Documents
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 2 Malware and Social Engineering Attacks
Documents
Part 4: Malware Functionality Chapter 11: Malware Behavior Chapter 12: Covert Malware Launching Chapter 13: Data Encoding Chapter 14: Malware-focused Network
Documents
Malware Analysis Workshop June 5, 2012 - CCDCOE · Malware Analysis Workshop June 5, 2012 ... •Malware Analysis methods ... •Some malware doesnt run in Norman Sandbox
Documents
Reversing malware analysis training part8 malware memory forensics
Technology
Chapter 8 Malware - FTMS · – Boot virus – Logic Bomb virus – Directory virus – Resident virus. CSCA0101 Computing Basics 8 Malware Types of Malware ... Malware Types of Malware
Documents
An Introduction To Keyloggers, RATS And Malware€¦ · Malware Malware has been a problem for ages, Malware is short form of malicious software. A Malware is basically a program
Documents
Mobile Malware Network View - Black Hat · Mobile Malware Network View ... ... Windows Malware impacts mobile
Documents
Malwarebytes Anti-Malware Unmanaged Client Administrator Guide · Anti-Malware Unmanaged Client Administrator Guide 2 Introduction Malwarebytes Anti-Malware is a next-generation anti-malware
Documents
Computer Virology and Mobile Malware Detection · 2019-03-14 · Outline •Introduction •Computer Virology • Malware taxonomy • Encrypted malware •Malware Detection •Mobile
Documents
HTA-T07R Malware Hunting with the Sysinternals Toolsindex-of.co.uk/Malware/hta-t07r-license-to-kill-malware-hunting-with... · malware Professional antimalware analysis requires years
Documents
Cybersecurity Laboratory Security Fundamentals Laboratory ... · DBD Malware (exe) Events Malware (result) Vulnera bility Alerts News Asset Info Blogs CURE From Security Big Data
Documents
Malware & Anti-Malware
Engineering