Fikiran Melayang Lagi..!

Dynamic analysis is any examination performed after executing malware. This technique require analyst to execute malicious code in a virtual machine in order to observe what changes it will make to the operating system. Based on the observed changes, we will try to figure out how the malware works and what the indicators of the system infection are. Behavioral analysis will cover following topics: ·          Detecting new process creation ·          Detecting file system and registry changes ·          Detecting rootkit artifacts using GMER ·          Analyzing in-memory strings ·          Monitoring system events  1.    Preparing the analysis Setup the clean Windows Machine and snapshot as a clean version. Install the tools such as Regshot, Process Explore, Process Monitor and etc in the Windows Machine. Then use INetSim that installed in Linux machine to simulate common Internet services. After running the INetSim, start the following tools; Process E

I've decided to improve my previous entry about Malware Analysis 1. I've learnt several tools and techniques that obtained from ENISA training sheets and Sam Class. Thanks ENISA  and SAM for a good stuff! So I just used malicious sample from Practical Malware Analysis Lab for this analysis.  ----------------------------------------------- Detecting and Unpacking Packers ----------------------------------------------- This is a techniques that has been used by malware author to obfuscate or evade from AV detection. First, upload the malware sample into PEid: Indicates that the malware was using UPX packer. Then use ExeInfo PE for further verification.  Confirmed that malware was using UPX and use advance scan by clicking '>' button. Then unpacking the malware using UPX Re-analyzed the sample by using PEiD. Its recognized the sample as Microsoft Visu C++ file. ---------------------------------------