Real world malware analysis
Παπαδόπουλος, Πολυμένης - Φώτιος
Papadopoulos, Polymenis - Fotios
The goal of this paper is to analyze a real-world malware sample, step by step, from an academic perspective. The steps to be followed are predefined, from Basic Analysis to Advanced Static and Dynamic Analysis. There will be a detailed description of the techniques, the tools and the architecture of the lab environment. Note that the purpose of this paper is to analyze malware once it has been found, not to detect it. The malware under examination is a ransomware sample found on the Windows operating system, by far the most common operating system in use today. However, the techniques and procedures used to analyze it could work on any operating system, as long as executables are the main objects of examination. Note that executables are the most common and the most difficult files that an incident response team will encounter.