Learning Malware Analysis
Explore the concepts, tools, and techniques to analyze and investigate Windows malware
Monnappa K A
BIRMINGHAM - MUMBAI
Learning Malware Analysis
Copyright 2018 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Commissioning Editor: Gebin George
Acquisition Editor: Shrilekha Inani
Content Development Editor: Sharon Raj
Technical Editor: Prashant Chaudhari
Copy Editor: Safis Editing
Project Coordinator: Virginia Dias
Proofreader: Safis Editing
Indexer: Aishwarya Gangawane
Graphics: Tom Scaria
Production Coordinator: Nilesh Mohite
First published: June 2018
Production reference: 1290618
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-78839-250-1
www.packtpub.com
To my beloved wife, for standing by me throughout the journey. Without her, it would have been impossible to complete this project. To my parents, and in-laws for their continued support and encouragement. To my dog, for staying awake with me during the sleepless nights.
mapt.io
Mapt is an online digital library that gives you full access to over 5,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.
Why subscribe?
Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals
Improve your learning with Skill Plans built especially for you
Get a free eBook or video every month
Mapt is fully searchable
Copy and paste, print, and bookmark content
PacktPub.com
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at service@packtpub.com for more details.
At www.PacktPub.com , you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.
Contributors
About the author
Monnappa K A works for Cisco Systems as an information security investigator focusing on threat intelligence and the investigation of advanced cyber attacks. He is a member of the Black Hat review board, the creator of Limon Linux sandbox, the winner of the Volatility plugin contest 2016, and the co-founder of the Cysinfo cybersecurity research community. He has presented and conducted training sessions at various security conferences including Black Hat, FIRST, OPCDE, and DSCI. He regularly conducts training at the Black Hat Security Conference in USA, Asia, and Europe.
I would like to extend my gratitude to Daniel Cuthbert and Dr. Michael Spreitzenbarth for taking time out of their busy schedule to review the book. Thanks to Sharon Raj, Prashant Chaudhari, Shrilekha Inani, and the rest of the Packt team for their support. Thanks to Michael Scheck, Chris Fry, Scott Heider, and my coworkers at Cisco CSIRT for their encouragement. Thanks to Michael Hale Ligh, Andrew Case, Jamie Levy, Aaron Walters, Matt Suiche, Ilfak Guilfanov, and Lenny Zeltser who have inspired and motivated me with their work. Thanks to Sajan Shetty, Vijay Sharma, Gavin Reid, Levi Gundert, Joanna Kretowicz, Marta Strzelec, Venkatesh Murthy, Amit Malik, and Ashwin Patil for their unending support. Thanks to the authors of other books, websites, blogs, and tools, which have contributed to my knowledge, and therefore this book.
About the reviewers
Daniel Cuthbert is the Global Head of Security Research in Banco Santander. In his 20+ years' career on both the offensive and defensive side, he's seen the evolution of hacking from small groups of curious minds to the organized criminal networks and nation states we see today . He sits on the Black Hat Review Board and is the co-author of the OWASP Testing Guide (2003) and OWASP Application Security Verification Standard (ASVS).
Dr. Michael Spreitzenbarth has been freelancing in the IT security sector for several years after finishing his diploma thesis with his major topic being mobile phone forensics. In 2013, he finished his PhD in the field of Android forensics and mobile malware analysis. Then, he started working at an internationally operating CERT and in an internal RED team. He deals daily with the security of mobile systems, forensic analysis of smartphones, and suspicious mobile applications, as well as the investigation of security-related incidents and simulating cybersecurity attacks.
Packt is searching for authors like you
If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.
Table of Contents
Preface
The advancement of the computer and internet technology has changed our lives, and it has revolutionized the way the organizations conduct businesses. However, technology evolution and digitization has given rise to cybercriminal activities. The growing threat of cyberattacks on critical infrastructure, data centers, and private/public, defence, energy, government, and financial sectors poses a unique challenge for everyone from an individual to large corporations. These cyberattacks make use of malicious software (also known as Malware ) for financial theft, espionage, sabotage, intellectual property theft, and political motives.
With adversaries becoming sophisticated and carrying out advanced malware attacks, detecting and responding to such intrusions is critical for cybersecurity professionals. Malware analysis has become a must-have skill for fighting advanced malware and targeted attacks. Malware analysis requires a well-balanced knowledge of many different skills and subjects. In other words, learning malware analysis demands time and requires patience.