Static

The document discusses static and dynamic analysis methods for understanding file behavior and characteristics, emphasizing the importance of cryptographic hashes and behavior monitoring. It lists various tools such as TrID, Exeinfo PE, and Regshot for analyzing file types, properties, and system changes. Additionally, it highlights the use of network monitoring tools like FakeNet and Wireshark for capturing and analyzing network connections related to malware.

What is static analysis? Static analysis involves three things.

Firstly, performing a hash: using tools to obtain a cryptographic hash of the file.
Once we have the hash, we can look it up on the Internet to see whether anybody
else has already done a similar analysis of the same sample. This is also how we
find out more about any file, because, as we have seen in the previous lessons,
you cannot rely on the file extension or the file name to know what kind of file
it is; the content decides.

Secondly, examining strings: Unicode strings, ASCII strings, or even encrypted
(encoded) strings.

Thirdly, examining the header. The header contains information, as you saw in a
previous lesson.

These three ways of performing analysis give us a clue as to what the file does.
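The three static steps above (hash the file, pull out ASCII and Unicode strings, identify the type from its content rather than its name) carried out in one script. This is an added example written for these notes, not code from the course or from any of the tools it lists; the sample bytes, the claimed name invoice.pdf, the URL c2.example.invalid and the small magic table are constructed for the demonstration.

```python
import hashlib
import re

# Constructed sample, not a real malware file: a PE image delivered as
# "invoice.pdf". It starts with the "MZ" DOS magic, carries the usual ASCII
# DOS-stub message, and a UTF-16LE URL of the kind only a Unicode scan finds.
SAMPLE = (
    b"MZ" + b"\x90" * 62
    + b"This program cannot be run in DOS mode.\r\n"
    + "http://c2.example.invalid/gate.php".encode("utf-16-le") + b"\x00\x00"
    + bytes(range(0x80, 0x90))
)
CLAIMED_NAME = "invoice.pdf"

# Leading magic bytes for the container types that matter most in triage
# (a small stand-in for TrID's signature database).
MAGIC = {
    b"MZ": "pe",
    b"\x7fELF": "elf",
    b"%PDF": "pdf",
    b"PK\x03\x04": "zip",   # also docx/xlsx/jar/apk
}
# What a given extension claims the content should be.
EXTENSION_TYPES = {"exe": "pe", "dll": "pe", "scr": "pe", "pdf": "pdf",
                   "zip": "zip", "docx": "zip", "jar": "zip"}

def hashes(data):
    """MD5/SHA-1/SHA-256: the values you look up on a sample-sharing service."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }

def identify(data):
    """Classify by leading magic bytes, never by file name."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"

def extension_mismatch(name, data):
    """True when the extension claims one known type and the content is another."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    claimed, actual = EXTENSION_TYPES.get(ext), identify(data)
    return claimed is not None and actual != "unknown" and claimed != actual

def ascii_strings(data, min_len=4):
    """Runs of printable ASCII, as `strings` prints by default."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def unicode_strings(data, min_len=4):
    """UTF-16LE runs (printable byte, 0x00), which `strings` without -e l misses."""
    return [m.group().decode("utf-16-le")
            for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)]

def triage(name, data):
    report = {"name": name, "size": len(data), "type": identify(data),
              "extension_mismatch": extension_mismatch(name, data)}
    report.update(hashes(data))
    report["ascii"] = ascii_strings(data)
    report["unicode"] = unicode_strings(data)
    return report

if __name__ == "__main__":
    for key, value in triage(CLAIMED_NAME, SAMPLE).items():
        print("%-19s %s" % (key + ":", value))
```

The Unicode scan is the part people forget: the URL in this sample is invisible to a plain ASCII `strings` run because every character is followed by a NUL byte, which is exactly why the notes list Unicode strings separately.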

TrID: this tool identifies the type of a file from its content (byte signatures), not from its extension.

Exeinfo PE: a program that lets you examine .exe files and check their properties, including which compiler or packer produced them.

BinText: a file text scanner/extractor that finds character strings (ASCII, Unicode and resource strings) buried in binary files.

Strings: the easiest program to use is the strings utility, which scans a given file for human-readable
strings. Another tool frequently used for reverse engineering is a hex editor, which lets you
view and modify the raw bytes of a file.

XORSearch: a very useful tool for analysing binary code in any malware case. XORSearch is a program
to search for a given string in an XOR, ROL or ROT encoded binary file. An XOR-encoded binary file
is a file where some (or all) bytes have been XORed with a constant value (the key); because the
key is constant, a known plaintext such as "http://" can be recovered by trying every key.
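The search idea behind XORSearch, re-implemented here so the mechanics are visible. This is an added example for these notes, not XORSearch's own code: instead of decoding the whole file under each of the 256 XOR keys, 7 rotations and 25 letter shifts, it encodes the short needle under each candidate key and searches the raw data for that, which is far cheaper. The key it reports is the value the author applied to the plaintext (a design choice of this code); the blob, the plaintext and the three keys are constructed for the demonstration.

```python
def xor_bytes(data, key):
    return bytes(b ^ key for b in data)

def rol_bytes(data, n):
    """Rotate every byte left by n bits (n in 0..7)."""
    n &= 7
    return bytes(((b << n) | (b >> (8 - n))) & 0xFF for b in data)

def rot_bytes(data, n):
    """Caesar shift of ASCII letters only; every other byte is left unchanged."""
    out = bytearray()
    for b in data:
        if 0x41 <= b <= 0x5A:
            out.append((b - 0x41 + n) % 26 + 0x41)
        elif 0x61 <= b <= 0x7A:
            out.append((b - 0x61 + n) % 26 + 0x61)
        else:
            out.append(b)
    return bytes(out)

def xorsearch(data, needle):
    """Return (encoding, key, offset) for every encoding of `needle` present in `data`.

    key 0 for "xor" is a plain search; the other keys are the transform the
    malware author applied, so decoding means applying the inverse.
    """
    hits = []
    for key in range(256):
        off = data.find(xor_bytes(needle, key))
        if off != -1:
            hits.append(("xor", key, off))
    for n in range(1, 8):
        off = data.find(rol_bytes(needle, n))
        if off != -1:
            hits.append(("rol", n, off))
    for n in range(1, 26):
        off = data.find(rot_bytes(needle, n))
        if off != -1:
            hits.append(("rot", n, off))
    return hits

def decode_hit(data, hit, length=32):
    """Recover `length` bytes of plaintext at a hit by applying the inverse transform."""
    enc, key, off = hit
    chunk = data[off:off + length]
    if enc == "xor":
        return xor_bytes(chunk, key)        # XOR is its own inverse
    if enc == "rol":
        return rol_bytes(chunk, 8 - key)    # ROR n is ROL (8 - n)
    return rot_bytes(chunk, 26 - key)       # ROT n is undone by ROT (26 - n)

# Constructed blob: three secrets hidden with three different encodings,
# separated by padding so the offsets are easy to check by hand.
PLAIN = b"GET /gate.php HTTP/1.1 Host: c2.example.invalid"
BLOB = (
    b"\x00" * 16
    + xor_bytes(PLAIN, 0x5A)
    + b"\xFF" * 8
    + rol_bytes(b"http://", 3)
    + rot_bytes(b"Mozilla/5.0", 13)
)

if __name__ == "__main__":
    for needle in (b"gate.php", b"http://", b"Mozilla"):
        for hit in xorsearch(BLOB, needle):
            print(needle, hit, decode_hit(BLOB, hit, 16))
```

In practice you run this with a handful of needles that almost every sample has to contain somewhere ("http", "This program", "kernel32", "MZ") and then dump the decoded region around each hit; a hit at a low key count is usually the real configuration block rather than noise.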

CFF Explorer: used to inspect the PE header.

What does a PE header contain?

The PE file header consists of a Microsoft MS-DOS stub, the PE signature, the COFF file header, and
an optional header. A COFF object file header consists of a COFF file header and an optional header.
In both cases, the file headers are followed immediately by section headers.
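A parser that walks exactly that chain (DOS stub, PE signature, COFF header, optional header, section table) and then applies the checks an analyst does in CFF Explorer: which section holds the entry point, which sections have no data on disk, which are writable and executable, and which point past the end of the file. This is an added example for these notes, not CFF Explorer's code; the sample PE is constructed from headers only (no section data), so the "runs past end of file" check fires on purpose, and the section names .text and UPX0 are chosen for the demonstration.

```python
import struct

# Layouts from the PE/COFF specification (all little-endian).
COFF_FMT = "<HHIIIHH"         # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
                              # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
SECTION_FMT = "<8sIIIIIIHHI"  # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
                              # PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
                              # NumberOfLinenumbers, Characteristics
PE32, PE32PLUS = 0x10B, 0x20B
SCN_MEM_EXECUTE, SCN_MEM_WRITE = 0x20000000, 0x80000000

def parse_pe(data):
    """DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature: not a PE/DOS file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]       # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff_off = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, characteristics = \
        struct.unpack_from(COFF_FMT, data, coff_off)
    opt_off = coff_off + struct.calcsize(COFF_FMT)
    magic = struct.unpack_from("<H", data, opt_off)[0]
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]
    if magic == PE32PLUS:
        image_base = struct.unpack_from("<Q", data, opt_off + 24)[0]
    elif magic == PE32:
        image_base = struct.unpack_from("<I", data, opt_off + 28)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    sections, sect_off = [], opt_off + opt_size   # section headers follow the optional header
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = \
            struct.unpack_from(SECTION_FMT, data, sect_off + i * struct.calcsize(SECTION_FMT))
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "va": va, "rawsize": rawsize,
                         "rawptr": rawptr, "chars": chars})
    return {"machine": machine, "timestamp": timestamp, "characteristics": characteristics,
            "magic": magic, "entry_rva": entry_rva, "image_base": image_base,
            "sections": sections}

def entry_section(pe):
    """Name of the section containing AddressOfEntryPoint, or None if it is outside all of them."""
    for s in pe["sections"]:
        if s["va"] <= pe["entry_rva"] < s["va"] + max(s["vsize"], s["rawsize"]):
            return s["name"]
    return None

def packer_hints(pe, file_size):
    """Header oddities that usually mean a packer, a truncated download or a hostile file."""
    hints = []
    for s in pe["sections"]:
        if s["rawsize"] == 0 and s["vsize"] > 0:
            hints.append("%s: no raw data but 0x%x bytes virtual (unpacking target)" % (s["name"], s["vsize"]))
        if s["rawsize"] > 0 and s["rawptr"] + s["rawsize"] > file_size:
            hints.append("%s: raw data runs past end of file (truncated or bogus header)" % s["name"])
        if s["chars"] & SCN_MEM_WRITE and s["chars"] & SCN_MEM_EXECUTE:
            hints.append("%s: writable and executable" % s["name"])
    return hints

def build_sample_pe():
    """Constructed x64 PE32+ header: one normal code section and one UPX-style empty section."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)                  # e_lfanew
    stub = b"This program cannot be run in DOS mode.\r\n$"
    dos[0x40:0x40 + len(stub)] = stub
    opt = struct.pack("<HBBIIIIIQ", PE32PLUS, 14, 0, 0x200, 0x200, 0, 0x1040, 0x1000, 0x140000000)
    opt += b"\0" * (0xF0 - len(opt))                         # PE32+ optional header is 0xF0 bytes
    sections = [(b".text", 0x200, 0x1000, 0x200, 0x400, 0x60000020),   # code, R+X
                (b"UPX0", 0x5000, 0x2000, 0, 0x600, 0xE0000080)]       # empty on disk, R+W+X
    coff = struct.pack(COFF_FMT, 0x8664, len(sections), 0x5F000000, 0, 0, len(opt), 0x0022)
    table = b"".join(struct.pack(SECTION_FMT, n, vs, va, rs, rp, 0, 0, 0, 0, ch)
                     for n, vs, va, rs, rp, ch in sections)
    return bytes(dos) + b"PE\0\0" + coff + opt + table

SAMPLE_PE = build_sample_pe()

if __name__ == "__main__":
    pe = parse_pe(SAMPLE_PE)
    print("machine 0x%x magic 0x%x base 0x%x entry 0x%x in %s" %
          (pe["machine"], pe["magic"], pe["image_base"], pe["entry_rva"], entry_section(pe)))
    for h in packer_hints(pe, len(SAMPLE_PE)):
        print("hint:", h)
```

The entry-point check is the one worth remembering: packed samples typically start execution in the last, oddly named section, while the first section has a large virtual size and no raw data because the unpacker fills it at run time.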

Recap of the static tools:

XORSearch: encrypted (encoded) strings.

CFF Explorer: for the PE header.

HashMyFiles: used to create hash values.


Dynamic Analysis:

Dynamic analysis has two parts: monitoring changes, and behavior monitoring.


In monitoring changes, we create a snapshot of the operating system before running the malware,
run the malware, and then take a second snapshot; comparing the two snapshots shows what changed.

Behavior monitoring is where we study in more detail the behavior of the running malware.
For example, we can see if the malware has created any new processes, written new files,
deleted files, and so on.
Regshot: used for dynamic analysis. Regshot creates a snapshot of the operating system (registry
and, optionally, files) before the malware runs and a second snapshot afterwards, then compares
the two and tells you which changes the malware has made to the operating system.
From there, you can know whether the malware has created any new keys in your registry,
what new files the malware has created, and also other changes.
Next comes Autoruns. Autoruns will be able to tell you what persistence mechanism the malware has used.


Now, it is typical for malware to try to survive a reboot of the operating system by creating new
entries inside the registry hive (for example under the Run keys), or by placing a copy of itself
in the startup locations which are used to start any programs contained within them.
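The change-monitoring step and the persistence check above, done in one script: a Regshot-style before/after comparison, followed by an Autoruns-style filter that picks out the added or modified entries landing in an autostart location. This is an added example for these notes, not Regshot's or Autoruns' code. The registry snapshots are constructed dictionaries (the page's Regshot dumps stand behind them); the file snapshot is taken for real on a temporary directory that simulates a user profile; the autostart prefix list is a short, labelled subset of what Autoruns enumerates, and the key names, file names and the WindowsUpdate value are made up for the demonstration.

```python
import hashlib
import os
import tempfile

# Autostart locations (ASEPs) that Autoruns enumerates; assumption for this
# example: a case-insensitive prefix match on the key path is enough to call an
# added entry a persistence candidate. "...\run" also catches "...\runonce".
ASEP_PREFIXES = (
    r"hklm\software\microsoft\windows\currentversion\run",
    r"hkcu\software\microsoft\windows\currentversion\run",
    r"hklm\system\currentcontrolset\services",
    r"hklm\software\microsoft\windows nt\currentversion\winlogon",
)
STARTUP_FOLDER_MARKER = "\\start menu\\programs\\startup\\"

def snapshot_tree(root):
    """Relative path -> SHA-256 for every file under root (the 'files' half of a Regshot snapshot)."""
    snap = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                snap[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return snap

def diff_snapshots(before, after):
    """Regshot-style compare: entries only in 'after', only in 'before', or with a changed value."""
    return {
        "added": sorted(k for k in after if k not in before),
        "removed": sorted(k for k in before if k not in after),
        "modified": sorted(k for k in before if k in after and before[k] != after[k]),
    }

def persistence_candidates(diff):
    """Added or modified entries that land in an autostart location (what Autoruns would list)."""
    hits = []
    for path in diff["added"] + diff["modified"]:
        p = path.lower().replace("/", "\\")        # file snapshots use the host's separator
        if any(p.startswith(pre) for pre in ASEP_PREFIXES) or STARTUP_FOLDER_MARKER in p:
            hits.append(path)
    return hits

# Constructed registry snapshots (value path -> data). The 'after' one holds
# the changes a dropper typically makes: a new Run value and one edited value.
REG_BEFORE = {
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SecurityHealth":
        r"C:\Windows\system32\SecurityHealthSystray.exe",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden": "1",
}
REG_AFTER = dict(REG_BEFORE)
REG_AFTER[r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate"] = \
    r"C:\Users\victim\AppData\Roaming\svchost.exe"
REG_AFTER[r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"] = "2"

def demo_filesystem():
    """Before/after file snapshots around a simulated drop into a throw-away profile tree."""
    with tempfile.TemporaryDirectory() as root:
        roaming = os.path.join(root, "Users", "victim", "AppData", "Roaming")
        startup = os.path.join(roaming, "Microsoft", "Windows", "Start Menu", "Programs", "StartUp")
        etc = os.path.join(root, "Windows", "System32", "drivers", "etc")
        os.makedirs(startup)
        os.makedirs(etc)
        with open(os.path.join(etc, "hosts"), "w") as fh:
            fh.write("127.0.0.1 localhost\n")
        before = snapshot_tree(root)
        # Simulated malware activity: drop a payload, add a startup shortcut, edit hosts.
        with open(os.path.join(roaming, "svchost.exe"), "wb") as fh:
            fh.write(b"MZ\x90\x00")
        with open(os.path.join(startup, "update.lnk"), "wb") as fh:
            fh.write(b"L\x00\x00\x00")
        with open(os.path.join(etc, "hosts"), "a") as fh:
            fh.write("127.0.0.1 updates.av-vendor.invalid\n")
        after = snapshot_tree(root)
        return diff_snapshots(before, after)

if __name__ == "__main__":
    reg = diff_snapshots(REG_BEFORE, REG_AFTER)
    fs = demo_filesystem()
    print("registry:", reg)
    print("files:", fs)
    print("persistence candidates:", persistence_candidates(reg) + persistence_candidates(fs))
```

Two caveats a practitioner wants here: hashing every file on a real system is slow, so restrict the file snapshot to the directories malware actually writes to (user profile, ProgramData, Windows\Temp), and remember that a sandbox itself churns the registry (MRU lists, timestamps), so expect noise in "modified" and filter by path before reading the diff.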

FakeNet:

FakeNet is used to capture any kind of network connection to any outside service.
It pretends to be the server which the malware tries to reach, so the traffic is
captured (as a pcap) without the malware ever talking to the real Internet.

Wireshark:

Wireshark is very powerful: you can open the pcap from FakeNet and analyze all the packets in
detail. Then you come to Procmon, also known as Process Monitor.
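What "analyzing the packets in detail" amounts to once the capture is on disk: a reader for the classic pcap format that walks Ethernet, IPv4 and UDP/TCP headers, pulls the queried name out of DNS and the request line out of TCP payloads, and reduces the capture to the hosts the malware tried to reach. This is an added example for these notes, not FakeNet's or Wireshark's code. The capture is constructed in the script itself (two frames from 10.0.0.5 to a FakeNet-style responder at 10.0.0.1, querying c2.example.invalid and sending a GET), IP/UDP/TCP checksums are left at zero because this parser does not validate them, and only classic pcap with an Ethernet link type is handled, not pcapng.

```python
import struct

LINKTYPE_ETHERNET = 1
ETH = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"  # dst, src, IPv4

# --- builders for the constructed capture (checksums deliberately zero) ----------
def ip_header(src, dst, proto, payload_len):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0x4000, 64, proto, 0,
                       bytes(int(x) for x in src.split(".")), bytes(int(x) for x in dst.split(".")))

def udp_segment(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def tcp_segment(sport, dport, payload):
    # data offset 5 (20-byte header), flags PSH|ACK, no options
    return struct.pack("!HHIIHHHH", sport, dport, 1, 1, (5 << 12) | 0x18, 0xFFFF, 0, 0) + payload

def dns_query(domain, qtype=1):
    qname = b"".join(bytes([len(l)]) + l.encode() for l in domain.split(".")) + b"\0"
    return struct.pack("!HHHHHH", 0xBEEF, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def frame(src, dst, proto, l4):
    return ETH + ip_header(src, dst, proto, len(l4)) + l4

def build_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f   # ts_sec, ts_usec, incl, orig
    return out

SAMPLE_PCAP = build_pcap([
    frame("10.0.0.5", "10.0.0.1", 17, udp_segment(51000, 53, dns_query("c2.example.invalid"))),
    frame("10.0.0.5", "10.0.0.1", 6, tcp_segment(51001, 80,
          b"GET /gate.php HTTP/1.1\r\nHost: c2.example.invalid\r\n\r\n")),
])

# --- parser ---------------------------------------------------------------------
def dns_question(payload):
    """Name and type of the first question; questions never use compression pointers."""
    labels, off = [], 12                       # skip the 12-byte DNS header
    while off < len(payload):
        n = payload[off]
        if n == 0:
            off += 1
            break
        if n & 0xC0:
            return "malformed question (compression pointer)"
        labels.append(payload[off + 1:off + 1 + n].decode("ascii", "replace"))
        off += 1 + n
    qtype = struct.unpack_from("!H", payload, off)[0] if off + 2 <= len(payload) else 0
    return "query %s type %d" % (".".join(labels), qtype)

def summarize(pkt, ts):
    """One dict per IPv4 frame: endpoints, ports, and what the first bytes say."""
    if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
        return None                            # not IPv4 (ARP, IPv6 ...): skipped here
    ihl = (pkt[14] & 0x0F) * 4
    proto = pkt[23]
    src = ".".join(str(b) for b in pkt[26:30])
    dst = ".".join(str(b) for b in pkt[30:34])
    l4 = pkt[14 + ihl:]
    ev = {"ts": ts, "src": src, "dst": dst, "proto": str(proto), "sport": 0, "dport": 0, "detail": ""}
    if proto == 17 and len(l4) >= 8:
        ev["proto"] = "udp"
        ev["sport"], ev["dport"] = struct.unpack_from("!HH", l4, 0)
        ev["detail"] = dns_question(l4[8:]) if 53 in (ev["sport"], ev["dport"]) else "%d bytes" % (len(l4) - 8)
    elif proto == 6 and len(l4) >= 20:
        ev["proto"] = "tcp"
        ev["sport"], ev["dport"], _, _, off_flags = struct.unpack_from("!HHIIH", l4, 0)
        payload = l4[(off_flags >> 12) * 4:]
        ev["detail"] = payload.split(b"\r\n", 1)[0].decode("ascii", "replace") if payload else "no payload"
    return ev

def parse_pcap(data):
    magic = struct.unpack_from("<I", data, 0)[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack_from(endian + "IHHiIII", data, 0)[6] != LINKTYPE_ETHERNET:
        raise ValueError("only the Ethernet link type is handled")
    events, off = [], 24
    while off + 16 <= len(data):
        ts, _, incl, _ = struct.unpack_from(endian + "IIII", data, off)
        ev = summarize(data[off + 16:off + 16 + incl], ts)
        if ev:
            events.append(ev)
        off += 16 + incl
    return events

def indicators(events):
    """Domains from DNS questions plus TCP destinations: what the sample tried to reach."""
    iocs = set()
    for ev in events:
        if ev["proto"] == "udp" and ev["detail"].startswith("query "):
            iocs.add("dns:" + ev["detail"].split()[1])
        elif ev["proto"] == "tcp":
            iocs.add("tcp:%s:%d" % (ev["dst"], ev["dport"]))
    return sorted(iocs)

if __name__ == "__main__":
    for ev in parse_pcap(SAMPLE_PCAP):
        print(ev)
    print(indicators(parse_pcap(SAMPLE_PCAP)))
```

Because FakeNet answers every DNS query with its own address, the destination IPs in such a capture are meaningless; the DNS names and the HTTP Host header are the real indicators, which is why the summary keeps the query name rather than the resolved address.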

Procmon:

Process Monitor can be used to analyze the API calls which a malware makes (file, registry,
process and network operations) and is very useful for analyzing its behavior.

ProcDOT:

ProcDOT takes the Procmon output and produces a visualization graph, which can then show us what
the malware did. We can also see the registry keys which are created in order to maintain
persistence of the malware.
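The Procmon-to-graph step that ProcDOT performs, in miniature: read a Procmon CSV export, keep only the operations that change the system (writes, registry sets, process creation, network connects), name processes as name:pid so that two instances of svchost.exe stay distinct, and emit a Graphviz DOT graph in which the Run-key write is immediately visible as the persistence edge. This is an added example for these notes, not ProcDOT's code. The CSV rows are constructed (the column layout follows Procmon's default CSV export; the process names, paths, PIDs and the c2.example.invalid host are made up), and the set of "interesting" operations is a choice made for this example.

```python
import csv
import io
import re

# Constructed Procmon CSV export: a dropper writes a payload, registers it under
# the Run key, starts it, and the child reaches out over TCP.
PROCMON_CSV = r"""
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1234567","dropper.exe","1234","CreateFile","C:\Users\victim\AppData\Roaming\svchost.exe","SUCCESS","Desired Access: Generic Write, Disposition: OverwriteIf"
"10:01:02.2345678","dropper.exe","1234","WriteFile","C:\Users\victim\AppData\Roaming\svchost.exe","SUCCESS","Offset: 0, Length: 204,800"
"10:01:02.3456789","dropper.exe","1234","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate","SUCCESS","Type: REG_SZ, Length: 98, Data: C:\Users\victim\AppData\Roaming\svchost.exe"
"10:01:02.4567890","dropper.exe","1234","Process Create","C:\Users\victim\AppData\Roaming\svchost.exe","SUCCESS","PID: 4321, Command line: C:\Users\victim\AppData\Roaming\svchost.exe"
"10:01:03.0123456","svchost.exe","4321","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74"
"10:01:03.1234567","svchost.exe","4321","TCP Connect","victim-pc:51001 -> c2.example.invalid:80","SUCCESS","Length: 0, mss: 1460"
"10:01:03.2345678","svchost.exe","4321","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS","Offset: 0, Length: 4,096"
""".strip()

# Operations that change the system; reads and queries are noise for a behaviour graph.
WRITE_OPS = {"CreateFile", "WriteFile", "RegSetValue", "RegCreateKey", "RegDeleteValue",
             "SetRenameInformationFile", "Process Create", "TCP Connect", "UDP Send"}

def parse_procmon_csv(text):
    """Rows as dicts keyed by Procmon's column names, keeping successful operations only."""
    return [row for row in csv.DictReader(io.StringIO(text)) if row["Result"] == "SUCCESS"]

def build_graph(rows):
    """Edges (actor, target, operation); processes are named name:pid as ProcDOT does."""
    edges = []
    for r in rows:
        op = r["Operation"]
        if op not in WRITE_OPS:
            continue
        if op == "CreateFile" and "Generic Write" not in r["Detail"]:
            continue                               # opening for read is not a change
        actor = "%s:%s" % (r["Process Name"], r["PID"])
        if op == "Process Create":
            m = re.search(r"PID: (\d+)", r["Detail"])
            child_pid = m.group(1) if m else "?"
            target = "%s:%s" % (r["Path"].rsplit("\\", 1)[-1], child_pid)
        else:
            target = r["Path"]
        edges.append((actor, target, op))
    return edges

def process_tree(edges):
    """Parent -> children, from the Process Create edges."""
    tree = {}
    for actor, target, op in edges:
        if op == "Process Create":
            tree.setdefault(actor, []).append(target)
    return tree

def to_dot(edges):
    """Graphviz source; backslashes in Windows paths are escaped for DOT string literals."""
    lines = ["digraph behaviour {", "  rankdir=LR;", "  node [shape=box, fontname=monospace];"]
    for actor, target, op in edges:
        lines.append('  "%s" -> "%s" [label="%s"];' % (actor, target.replace("\\", "\\\\"), op))
    lines.append("}")
    return "\n".join(lines)

EDGES = build_graph(parse_procmon_csv(PROCMON_CSV))

if __name__ == "__main__":
    print(process_tree(EDGES))
    print(to_dot(EDGES))
```

Piping the DOT text into `dot -Tsvg` gives the kind of picture ProcDOT draws: dropper.exe:1234 fanning out to the dropped file, the Run value and the child process, and the child alone owning the network edge, which tells you which process to take the memory dump from.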