Static analysis is a basic analysis of the binary code and comprehension of the malware that explains its functions. It investigates the executable without running or installing it. Static analysis also shows the portable executable (PE) information. For instance, a Windows binary is in PE format, which consists of information such as time of creation and modification, import and export functions, compilation time, DLLs, linked files, as well as strings, menus and symbols. Two of the PE sections an investigator looks at are:

- rdata - import and export information and read-only data used by the program (hint: think remote data)
- text - instructions and program code that the CPU executes

Investigators can use tools such as HashMyFiles to create a fingerprint of the suspect file as part of the static analysis. The Message-Digest Algorithm 5 (MD5) and Secure Hash Algorithm 1 (SHA-1) are the most commonly used hash functions for malware analysis.

What tools do investigators use to find strings in executables? Strings, ResourcesExtract, BinText, Hex Workshop, WM9Codes. They must be able to display ASCII and Unicode strings as well.

What tools can find whether the file has packed programs or obfuscated code? PEiD displays the type of packer used in packing the program.

Malware Disassembly: static analysis also includes dismantling a given executable at the binary level to study its functionalities and features. The process uses debugging tools such as OllyDbg and IDA Pro. This process helps investigators find the language used for programming the malware, look for APIs that reveal its function, etc.

Behavioral analysis, or dynamic analysis, deals with the study of malware behavior during installation, on execution and while running.