There are two main ways in which Malwares are analyzed
1. Behavioral Analysis
2. Static Analysis
In Behavioral Analysis we observe the behavior of the Malware. We observe and record what changes the Malware is doing to the system it is infecting, how it is trying to stay under the hood undetected by the user of the machine.
This includes the use of tools like RegShot which shows us exactly what keys/files the malware is trying to modify, also a basic observation of system behavior is needed
In Static Analysis we try to analyze the Malware by observing the code of the program in question. Generally we go through the Assembly level code of the program and try to observe peculiar actions performed by it. There are certain actions which are peculiar to Malware behavior, if the same actions are found in the program, it is highly likely that the program is malicious in nature. We use Disassemblers like IDA Pro and Debuggers like OllyDBG for this purpose.
Both the methods have their Pros and Cons but both are very instrumental for a deeper, much thorough analysis.
Think of it like two sides of a coin.
I will shortly cover in depth about both the techniques mentioned in the post.
1. Behavioral Analysis
2. Static Analysis
In Behavioral Analysis we observe the behavior of the Malware. We observe and record what changes the Malware is doing to the system it is infecting, how it is trying to stay under the hood undetected by the user of the machine.
This includes the use of tools like RegShot which shows us exactly what keys/files the malware is trying to modify, also a basic observation of system behavior is needed
In Static Analysis we try to analyze the Malware by observing the code of the program in question. Generally we go through the Assembly level code of the program and try to observe peculiar actions performed by it. There are certain actions which are peculiar to Malware behavior, if the same actions are found in the program, it is highly likely that the program is malicious in nature. We use Disassemblers like IDA Pro and Debuggers like OllyDBG for this purpose.
Both the methods have their Pros and Cons but both are very instrumental for a deeper, much thorough analysis.
Think of it like two sides of a coin.
I will shortly cover in depth about both the techniques mentioned in the post.
No comments:
Post a Comment