kdaindia.blogg.se

Tcpview tool

For those who don't have any idea what's going on here, I would suggest you go back and go through all our malware analysis series of blogs before continuing with this one; they are just a click away in here.

We have completed all the basic and theoretical stuff that we use in our practical session. Today we will be analyzing a piece of malware with various techniques, by monitoring registries, file systems and memory for potential risks and threats.

Whenever we install, delete or modify files, our registries get affected by this action, so here we are going to monitor changes in our system by inspecting registries using a tool called InstallRite. You can download this tool by clicking this link.

After installation we don't need to configure the tool; by default it will monitor the entire registry. So we take a snapshot first by clicking next; it will take more than 10 minutes. You have to be ready with a malware sample, then it will be in flow with your work. You can download many malware samples from the internet; you can download from here too, I have 2 samples ready to do your work.

InstallRite helps us to install and trace a malware in HOST-level terms. We need to choose our malware sample by browsing the directory where we have our malware. Once it is installed we can check out what files and registries have been added, deleted or manipulated on our HOST. We can easily come to know everything by inspecting all the necessary things to check in our host with the help of the directory tree. We can use other tools too, like Uninstall Tool, to install and trace our malware to check its behavior.

To perform this inspection we need an infected Windows system and Process Explorer to analyze the malware's running processes. We are going to use a tool called Sysinternals Suite from this site; you can download this tool from this site. We need to extract the downloaded folder and open a file named procexp.exe.

Let's inspect a malware that is already in our system. We already infected our system by running the malware in the previous inspection with registries. We need to find our malware process, then we can inspect its properties by double clicking it. This is how the properties of a process look.

We can easily get into the TCP/IP tab to find any external communication backdoor that the malware is trying to create. We can analyze the process threads from the Threads tab, and the Strings tab will display all the strings available in that file, where the researcher will come to know whether the malware is packed or not by analyzing strings that might carry details of the packer: UPX (already seen this in static analysis).
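The Strings tab check described above (spotting packer leftovers such as UPX section names) can be reproduced offline in a few lines. The following is an added example written for this post, not code from the original page or from any Sysinternals tool: it extracts printable ASCII strings the way a strings view does, parses the PE section table, and combines packer markers with per-section Shannon entropy into a "likely packed" verdict. The two PE images it analyzes are constructed in the script (`build_fake_pe` is a hypothetical helper that emits a minimal header-only PE), so it runs without any real sample.

```python
import math
import struct
from typing import Dict, List, Tuple

# Strings that UPX leaves in a packed image; extend the list for other packers.
UPX_MARKERS = [b"UPX0", b"UPX1", b"UPX!"]


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; compressed/encrypted data sits close to 8.0."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def extract_strings(buf: bytes, min_len: int = 4) -> List[str]:
    """Printable ASCII runs of at least min_len bytes, like a Strings tab."""
    out, cur = [], bytearray()
    for b in buf:
        if 0x20 <= b < 0x7F:
            cur.append(b)
        else:
            if len(cur) >= min_len:
                out.append(cur.decode("ascii"))
            cur = bytearray()
    if len(cur) >= min_len:
        out.append(cur.decode("ascii"))
    return out


def pe_sections(buf: bytes) -> List[Dict]:
    """Walk the PE section table and report name, raw size and entropy."""
    if buf[:2] != b"MZ" or len(buf) < 0x40:
        raise ValueError("not a PE image (no MZ header)")
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", buf, coff + 2)[0]
    opt_size = struct.unpack_from("<H", buf, coff + 16)[0]
    first = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", buf, first + i * 40)
        raw = buf[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "raw_size": raw_size,
            "entropy": round(shannon_entropy(raw), 2),
        })
    return sections


def assess_packing(buf: bytes) -> Dict:
    """Combine packer strings and high-entropy sections into a verdict."""
    markers = sorted(m.decode() for m in UPX_MARKERS if m in buf)
    sections = pe_sections(buf)
    high_entropy = [s["name"] for s in sections if s["entropy"] > 7.0 and s["raw_size"] >= 256]
    return {
        "strings": extract_strings(buf),
        "markers": markers,
        "sections": sections,
        "high_entropy_sections": high_entropy,
        "likely_packed": bool(markers) or bool(high_entropy),
    }


def build_fake_pe(section_payloads: List[Tuple[bytes, bytes]]) -> bytes:
    """Constructed minimal PE: MZ stub, PE signature, COFF header, no optional header."""
    n = len(section_payloads)
    header = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", header, 0x3C, 0x40)          # e_lfanew
    header += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, 0, 0x102)
    raw_ptr = len(header) + 40 * n
    table, body = bytearray(), bytearray()
    for name, payload in section_payloads:
        table += struct.pack("<8sIIII", name.ljust(8, b"\0"), len(payload), 0x1000,
                             len(payload), raw_ptr) + b"\0" * 16
        body += payload
        raw_ptr += len(payload)
    return bytes(header + table + body)


# Constructed samples: a UPX-style layout with a high-entropy body, and a plain one.
PACKED_SAMPLE = build_fake_pe([(b"UPX0", b""), (b"UPX1", b"UPX!" + bytes(range(256)) * 4)])
PLAIN_SAMPLE = build_fake_pe([(b".text", b"Hello from a plain program\0" * 20),
                              (b".data", b"config=1\0" * 8)])

if __name__ == "__main__":
    for label, sample in (("packed", PACKED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        r = assess_packing(sample)
        print(label, r["markers"], r["high_entropy_sections"], r["likely_packed"])
```

On a real sample, read the file into `buf` and call `assess_packing(buf)`; the strings list is the same data you scroll through in the Strings tab, and the entropy column explains why a packed binary shows so few meaningful strings.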