Malware introduction

Shashank Jain
Jul 10, 2018

In this series we will cover malware analysis and the common techniques malware authors use when writing malware. We will touch on a basic introduction, setup, and the analysis of simple malware. This first article is a very high-level introduction to malware analysis. The analysis focuses mainly on the Windows environment.

Malware analysis

Malware analysis is the practice of using tools such as debuggers and disassemblers to determine, both statically and dynamically, the intent of a piece of malware.

Types of malware

· Adware

· Bot

· Ransomware

· Rootkit

· Spyware

· Trojan Horse

To understand malware analysis, it's important to understand how dependencies such as DLLs are linked into a program. This helps us recognize the patterns malware uses in the API calls it makes.

Types of Linking

Static — This type of linking loads all dependencies into the program itself. This makes the executable big and is rarely used.

Dynamic – Commonly used in Windows programs; the DLLs are loaded dynamically. This generally makes use of the Import Address Table (IAT) as an indirection to map the addresses of the loaded DLLs.

Runtime — This mechanism uses APIs like LoadLibrary and GetProcAddress to load a DLL at run time. It is generally used by malware.
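The dynamic and runtime linking described above can be told apart statically by reading a PE file's import directory. The following is an added example, not code from the original article: it lists each imported DLL with its functions and reports whether LoadLibrary or GetProcAddress is among them. The function names `parse_imports` and `runtime_linking_apis` are assumptions made for this sketch.

```python
import struct

RUNTIME_APIS = ("LoadLibrary", "GetProcAddress")  # runtime-linking APIs named above

def _cstr(data, off):
    """Read the NUL-terminated ASCII string at file offset off."""
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")

def parse_imports(data):
    """Return {dll name: [imported function names]} from a PE import directory."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]             # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24                                            # optional header
    plus = struct.unpack_from("<H", data, opt)[0] == 0x20B   # PE32+ (64-bit)?
    imp_rva = struct.unpack_from("<I", data, opt + (112 if plus else 96) + 8)[0]
    # Per section: (virtual size, virtual address, raw file offset).
    secs = [struct.unpack_from("<II4xI", data, opt + opt_size + 40 * i + 8)
            for i in range(nsec)]

    def off(rva):                                            # RVA -> file offset
        for vsize, va, raw in secs:
            if va <= rva < va + vsize:
                return rva - va + raw
        raise ValueError(f"RVA {rva:#x} is outside every section")

    imports = {}
    desc = off(imp_rva) if imp_rva else None
    tsize, tfmt, ordflag = (8, "<Q", 1 << 63) if plus else (4, "<I", 1 << 31)
    while desc is not None:
        oft, name_rva, ft = struct.unpack_from("<I8xII", data, desc)
        if not (name_rva or ft):                             # all-zero terminator
            break
        funcs, thunk = [], off(oft or ft)                    # name table if present
        while val := struct.unpack_from(tfmt, data, thunk)[0]:
            funcs.append(f"ordinal#{val & 0xFFFF}" if val & ordflag
                         else _cstr(data, off(val) + 2))     # skip 2-byte hint
            thunk += tsize
        imports.setdefault(_cstr(data, off(name_rva)).lower(), []).extend(funcs)
        desc += 20
    return imports

def runtime_linking_apis(imports):
    """Imported names that signal runtime linking (LoadLibrary*, GetProcAddress)."""
    return sorted(f for fs in imports.values() for f in fs if f.startswith(RUNTIME_APIS))
```

Call it as `parse_imports(open(path, "rb").read())` on a sample. Benign programs import these APIs too, so a hit means only that some API calls may be resolved at run time and will not appear in the import table.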
