Malware Analyser v3.0 – A Static & Dynamic Malware Analysis Tool
Malware Analyser is a freeware tool for performing static and dynamic analysis of malware executables. It can be used to identify potential traces of anti-debug techniques, keyboard hooks, system hooks and DEP-setting-change calls in a sample.
This is a stepping-stone release: for the first time, dynamic analysis has been included for file creations (it will be extended to network and registry indicators soon), along with a process-dumping feature.
Malware analysis is the process of studying the components and behaviour of malware. This paper uses two methods of malware analysis: static analysis and dynamic analysis. Static analysis is performed without running the malware, while dynamic analysis runs the malware inside a secure, isolated system [7]. Malware analysis is important because much of today's malware is not detected by antivirus software; viruses are now written with specific abilities to evade antivirus detection [9]. This research focuses on implementing malware analysis using both the static and the dynamic method.
Features
String-based analysis for registry keys, API calls, IRC commands, called DLLs and VM-aware checks.
Displays detailed PE headers with all section details, import and export symbols, etc.
On Distro, it can perform an ASCII dump of the PE along with other options (check the --help argument).
On Windows, it can generate the various sections of a PE: DOS Header, DOS Stub, PE File Header, Image Optional Header, Section Table, Data Directories and Sections.
ASCII dump on Windows machines.
Code analysis (disassembly).
Online malware checking.
Check for packers against the database.
Tracer functionality.
Signature creation: allows creating a signature for a malware sample.
CRC and timestamp verification.
Entropy-based scan to identify malicious sections.
Dump a process's memory.
Dynamic analysis (still at an early stage) for file creations.
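To make the static-analysis features above concrete (the section-table walk, the entropy scan for packed or encrypted sections, the string-based scan for anti-debug, hook and DEP API names, and the timestamp check), here is an added worked example written for this page; it is not code from Malware Analyser itself. The PE it analyses is a constructed, minimal sample built in memory, the indicator list is an assumption about which API names such a string database would hold, and the 7.0 bits-per-byte entropy threshold is a common rule of thumb, not a value taken from the tool.

```python
import math
import struct
import time

# Indicator strings grouped the way the tool's feature list groups them.
# The API names are real Win32/NT exports; the grouping is an assumption.
INDICATORS = {
    "anti-debug": [b"IsDebuggerPresent", b"CheckRemoteDebuggerPresent",
                   b"NtQueryInformationProcess", b"OutputDebugStringA"],
    "hooks": [b"SetWindowsHookExA", b"SetWindowsHookExW"],
    "dep": [b"SetProcessDEPPolicy"],
}
HIGH_ENTROPY = 7.0                 # bits per byte; rule of thumb for packed data
IMAGE_SCN_MEM_EXECUTE = 0x20000000  # section characteristics flags (PE spec)
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(pe: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", pe, coff)
    sec_table = coff + 20 + opt_size   # section headers follow the optional header
    sections = []
    for i in range(nsections):
        (name, _vsize, vaddr, rawsize, rawptr, _, _, _, _,
         flags) = struct.unpack_from("<8sIIIIIIHHI", pe, sec_table + 40 * i)
        raw = pe[rawptr:rawptr + rawsize]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_address": vaddr, "raw_size": rawsize,
                         "characteristics": flags, "entropy": shannon_entropy(raw)})
    return {"machine": machine, "timestamp": timestamp, "sections": sections}


def scan_strings(pe: bytes) -> dict:
    """String-based scan of the whole file for the indicator names."""
    return {cat: [s.decode() for s in names if s in pe]
            for cat, names in INDICATORS.items()}


def analyse(pe: bytes, now: float = None) -> dict:
    now = time.time() if now is None else now
    info = parse_pe(pe)
    warnings = []
    for s in info["sections"]:
        if s["entropy"] >= HIGH_ENTROPY:
            warnings.append(f"{s['name']}: entropy {s['entropy']:.2f} suggests packed/encrypted data")
        if s["characteristics"] & IMAGE_SCN_MEM_EXECUTE and s["characteristics"] & IMAGE_SCN_MEM_WRITE:
            warnings.append(f"{s['name']}: section is both writable and executable")
    # A zero or future TimeDateStamp is a classic sign of a tampered header.
    timestamp_ok = 0 < info["timestamp"] <= now
    if not timestamp_ok:
        warnings.append(f"TimeDateStamp {info['timestamp']} is zero or in the future")
    return {**info, "timestamp_ok": timestamp_ok,
            "indicators": scan_strings(pe), "warnings": warnings}


def build_sample_pe(timestamp: int) -> bytes:
    """Constructed minimal PE: .text (constant bytes), .rdata (API names),
    .packed (uniform byte distribution, RWX). Not a real binary."""
    text = b"\x90" * 512
    rdata = b"\0".join([b"IsDebuggerPresent", b"SetWindowsHookExA",
                        b"SetProcessDEPPolicy", b"kernel32.dll"]).ljust(512, b"\0")
    packed = bytes(range(256)) * 4
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 3, timestamp, 0, 0, 224, 0x0102)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n, len(d), va, len(d), ptr, 0, 0, 0, 0, f)
                    for n, d, va, ptr, f in [
                        (b".text", text, 0x1000, 512, 0x60000020),
                        (b".rdata", rdata, 0x2000, 1024, 0x40000040),
                        (b".packed", packed, 0x3000, 1536, 0xE0000040)])
    header = (dos + b"PE\0\0" + coff + b"\0" * 224 + hdrs).ljust(512, b"\0")
    return header + text + rdata + packed


if __name__ == "__main__":
    report = analyse(build_sample_pe(timestamp=1_300_000_000))
    for s in report["sections"]:
        print(f"{s['name']:8} rva=0x{s['virtual_address']:x} entropy={s['entropy']:.2f}")
    print(report["indicators"])
    print("\n".join(report["warnings"]))
```

The sample is deliberately built so that the results are exact: a section of identical bytes has entropy 0.0 and a section containing every byte value equally often has entropy 8.0, which is what a packed or encrypted payload tends toward; a real packer usually lands between 7 and 8. Treat the indicator hits as leads for the disassembly and tracing steps, not as a verdict, since a benign binary may legitimately import these APIs.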