Hero
MANDIANT ACADEMY™

Essentials of Malware Analysis
(On-Demand Module Overview)

This course provides a beginner-level introduction to the tools and methodologies used to perform malware analysis.

Male in Office Focused at Computer

Course Description

This 16-hour on-demand course provides a beginner-level introduction to the tools and methodologies used to perform malware analysis on executables found in Windows systems using a practical, virtual hands-on approach. The course introduces students to Disassembly, including subtopics on X86 Architecture, The Stack, C Code Constructs, and an introduction to IDA Pro. The content is developed and taught by FLARE malware analysts who are experienced in analyzing a diverse set of malware.

Learning Objectives

After completing this virtual course, learners should be able to:

  • Quickly perform malware triage using a variety of techniques and tools without running the malware
  • Analyze running malware by observing file system changes, function calls, network communications and other indicators
  • Interpret x86 assembly language
  • Utilize and navigate IDA pro

Who Should Attend

Information technology staff, information security staff, corporate investigators and others who need to understand how malware functions operate and the processes involved in malware analysis.

Prerequisites

General knowledge of computer and operating system fundamentals. Exposure to computer programming fundamentals and Windows Internals experience (recommended).

What to bring

Students are required to use their own laptop that meets the following specs:

  • VMware Workstation 10+ or VMware Fusion 7+
  • 30 GB of free HDD space

    Delivery Method

    On-demand training

    Duration

    16 hours
    Content is available for 3 months from date of enrollment. It can be accessed 24/7 from a standard web browser.

    Cost

    $2,000 USD or 2 EOD Units

    Course Outline

    The course is comprised of the following modules, with labs included throughout the instruction.

    Basic Techniques (Static Analysis)

    Learn to quickly perform a malware autopsy using a variety of techniques and tools without running the malware. By the end of this course, the learner will be able to explain how to extract meaningful characteristics from an unknown binary without execution.

    The following topics are illustrated in this module:

    • Hashing
    • Strings
    • Open Source Intelligence
    • PE File Format
    • Packed Executables

     

    Basics Techniques (Dynamic Analysis)

    Analyze running malware by observing file system changes, function calls, network communications and other indicators. Be exposed to basic, yet effective methods for analyzing running malware in a safe environment. By the end of this course, the learner will be able to extract meaningful runtime characteristics from an unknown binary by allowing it to execute in a controlled environment.

    The following topics are illustrated in this module:

    • Malware sandboxes
    • Virtualization and isolation
    • Host-based monitoring tools
    • Network-based monitoring tools
    • Launching binaries

    Disassembly

    Gain insight on the basics of the x86 assembly language to build a foundation of this commonly used communication as well as review the basics and build a foundation of the x86 assembly language. Also see how to use IDA Pro, the main tool for disassembly analysis, and recognize code constructs in the disassembly. By the end of this module, the learner will be able to explain x86 assembly language, use and navigate IDA pro, and stack x86 registers.

    The following topics are illustrated in this module:

    • Introduction to Disassembly
    • X86 Architecture Review
    • Introduction to IDA Pro
    • Statics analysis basics in IDA Pro
    • Enhancing Disassembly in IDA Pro
    • Recognizing common Code Constructs