What Is A Malware and Their Different Goals

Uploaded by MAJID ABDULLAH

1) What is malware and what are its different goals?

• Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network.
• Malware analysis is the study or process of determining the functionality, origin and potential impact of a given malware sample, such as a virus, worm, trojan horse, rootkit, or backdoor.
• Goals of malware analysis:
  o Determine what happened: malware nature and purpose, infection mechanism, host/network interaction, attacker interactions
  o Determine the threat actor profile: profile and sophistication level
  o Develop signatures to detect malware infections

2) What are the differences between static and dynamic analysis?


• Static analysis: no execution. It involves analyzing the code without running it. It won't harm your workstation, and the aim is to understand the behavior of the malware.
• Dynamic analysis: behavior comprehension through execution. The code is executed in an isolated environment and system changes are monitored. It is easier than static analysis, but more dangerous, and not very effective in the case of advanced malware.

3) What are the 4 main groups of infection vectors?


1) What is the malware analysis process? Explain its different steps.

2) What is the file packing evasion technique, and how can it be detected?


3) What is the anomaly detection technique for identifying malware?
• It is based on Intrusion Detection Systems (IDS).
• The difficult part is making the system learn what "normal" is.
• It can detect previously unknown malware.
• This detection shouldn't be the only one in place; it should always be combined with others as part of a defense-in-depth mechanism.

4) What is the sandbox principle?

1) What are the steps for malware / infection mitigation?

▌First step: containment
▌Next step: do your analysis!
▌Next step: eradicate and remediate
▌Next step: share your knowledge

2) Why should you be careful when restoring a backup?

Prepare your system and back up your data. Take care not to include malware in your backup.

3) How, or in which steps, can threat intelligence be used in malware analysis?
