Alexey Kleymenov - Mastering Malware Analysis

A malware analyst's practical guide to combating malicious software, APT, cybercrime, and IoT attacks

Alexey Kleymenov

Amr Thabet

BIRMINGHAMMUMBAI

Copyright 2022 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Mohd Riyan Khan

Publishing Product Manager: Mohd Riyan Khan

Content Development Editor: Adrija Mitra

Technical Editor: Nithik Cheruvakodan

Copy Editor: Safis Editing

Project Coordinator: Ashwin Kharwa

Proofreader: Safis Editing

Indexer: Manju Arasan

Production Designer: Ponraj Dhandapani

Marketing Coordinator: Ankita Bhonsle

First published: June 2019

Second edition: September 2022

Production reference: 1010922

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

978-1-80324-024-4

www.packt.com

I dedicate this book to my family and friends your continuous support means so much to me.

Alexey Kleymenov

To my family.

Amr Thabet

Alexey Kleymenov started working in the information security industry in his second year at university and now has more than 14 years of practical experience at several international cybersecurity companies. He is a malware analyst and software developer who is passionate about reverse engineering, automation, and research. Alexey has taken part in numerous investigations analyzing all types of malicious samples, has developed various systems to perform threat intelligence activities in the IT, OT, and IoT sectors, and has authored several patents. Alexey is a member of the (ISC) organization and holds the CISSP certification. Finally, he is a founder of the RE and More project, teaching people all over the world how to perform malware analysis in the most efficient way.

I would like to deeply thank all my family, especially my beloved mom, Olga, and wife, Anastasia, for all your love and support. Big thanks to Amr, who turned this project into enjoyable cooperative work. Im much obliged to the Packt team for addressing all of our inquiries, and to the readers and reviewers for their invaluable feedback. Finally, thanks to everyone who contributed to my personal development, served as an inspiration, or was next to me when I needed them.

Amr Thabet is a malware researcher and an incident handler with over 10 years of experience. He has worked in several Fortune 500 companies, including Symantec and Tenable. Currently, he is the founder of MalTrak, providing real-world in-depth training in malware analysis, incident response, threat hunting, and red teaming to help the next generation of cybersecurity enthusiasts to build their careers in cybersecurity.

Amr is also a speaker and trainer at some of the top security conferences all around the world, including Blackhat, DEFCON, Hack In Paris, and VB Conference. He was also featured in Christian Science Monitor for his work on Stuxnet.

Id like to thank my parents for helping me and believing in me throughout this journey. And a big thanks to my book partner, friend, and former colleague, Alexey. Without his expertise, hard work, and dedication, this book wouldnt have come to light. We put our experience, expertise, and hearts into this work and we really hope it changes your life and your career as this knowledge once changed ours.

Ahmed Neil is a well-known thought leader in the cybersecurity domain whose work focuses on information security, threat hunting, threat intelligence, malware analysis, and digital forensics. He also has a passion for academic research in the field of cybersecurity. He holds an MSc in computer forensics and is currently working at IBM as a cybersecurity engineer (operations).