Skip navigation.
Home

How to make STRONG analysis

Hi all, I have some malware samples, according to threatexpert they steal information, but I need to analyse these malwares in detail that what kind of information they steal, through which mechanism they steal, from where (file path/registry query) they are getting information.
Can u please suggest me that how can i be on right track in making such a strong analysis.
is there any such tool other than cwsandbox and anubis, bcz these tools do not look me useful in this regard.
Many many thanks in advance.

Process Monitor by

Process Monitor by Sysinternals is a good start. It'll show you quite a bit of detail about what an executable is doing though you'll have to learn how to filter out the useless crap and learn what means what. This means you'll actually be executing the sample so some kind of VM is a necessity.

If you're looking to get into deep detail how the samples work you'd better start getting intimate with Assembly language, IDA Pro and Ollydbg. There is only so much you can get with dynamic analysis before you have to go static and crawl through assembly.

Thanks

Thanks chayak!
I have downloaded Process Monitor and prepared VM setup. Now started to explore this tool.
Can u please share ur personal email address too, so that I can contact you through email easily.

Thanks in Advance.

How to make STRONG analysis

Hi there,
check this https://projects.honeynet.org/capture-hpc. I's a bit hardly to install but is really a good system (client and server) for malware analysis.

I have try zerowine but I think that is still an alpha version.

If you are interested I'm dissecting mebroot/sinowal some screen shots are posted on my blog
http://extraexploit.blogspot.com

Regards