MANDIANT ACADEMY™

Essentials of Malware Analysis
(On-Demand Module Overview)

This course provides a beginner-level introduction to the tools and methodologies used to perform malware analysis.


Course Description

This 16-hour on-demand course provides a beginner-level introduction to the tools and methodologies used to perform malware analysis on executables found on Windows systems, using a practical, virtual, hands-on approach. The course introduces students to disassembly, including subtopics on x86 architecture, the stack, C code constructs, and an introduction to IDA Pro. The content is developed and taught by FLARE malware analysts who are experienced in analyzing a diverse set of malware.

Learning Objectives

After completing this virtual course, learners should be able to:

  • Quickly perform malware triage using a variety of techniques and tools without running the malware
  • Analyze running malware by observing file system changes, function calls, network communications and other indicators
  • Interpret x86 assembly language
  • Utilize and navigate IDA Pro

Who Should Attend

Information technology staff, information security staff, corporate investigators and others who need to understand how malware operates and the processes involved in malware analysis.

Prerequisites

General knowledge of computer and operating system fundamentals. Exposure to computer programming fundamentals and Windows Internals experience (recommended).

What to bring

Students are required to use their own laptop, which must meet the following specs:

  • VMware Workstation 10+ or VMware Fusion 7+
  • 30 GB of free HDD space

Delivery Method

On-demand training

Duration

16 hours
Content is available for 3 months from date of enrollment. It can be accessed 24/7 from a standard web browser.

Cost

$2,000 USD or 2 EOD Units

Course Outline

The course consists of the following modules, with labs included throughout the instruction.

Basic Techniques (Static Analysis)

Learn to quickly perform a malware autopsy using a variety of techniques and tools without running the malware. By the end of this module, the learner will be able to explain how to extract meaningful characteristics from an unknown binary without executing it.

The following topics are illustrated in this module:

• Hashing
• Strings
• Open Source Intelligence
• PE File Format
• Packed Executables

Basic Techniques (Dynamic Analysis)

Analyze running malware by observing file system changes, function calls, network communications and other indicators. Be exposed to basic, yet effective, methods for analyzing running malware in a safe environment. By the end of this module, the learner will be able to extract meaningful runtime characteristics from an unknown binary by allowing it to execute in a controlled environment.

The following topics are illustrated in this module:

• Malware sandboxes
• Virtualization and isolation
• Host-based monitoring tools
• Network-based monitoring tools
• Launching binaries

Disassembly

Review the basics of the x86 assembly language and build a foundation in this commonly used instruction set. Also see how to use IDA Pro, the main tool for disassembly analysis, and recognize code constructs in the disassembly. By the end of this module, the learner will be able to explain x86 assembly language, use and navigate IDA Pro, and describe the stack and x86 registers.

The following topics are illustrated in this module:

• Introduction to Disassembly
• x86 Architecture Review
• Introduction to IDA Pro
• Static analysis basics in IDA Pro
• Enhancing Disassembly in IDA Pro
• Recognizing common Code Constructs