Reverse Engineering Malware Analysis
On-line Malware Analysis Articles
You can learn a lot about malware analysis on-line. I wrote a number of articles on the topic, so allow me to walk you through them:
- Get started with my article 5 Steps to Building a Malware Analysis Toolkit Using Free Tools. If using virtualization software to set up your lab, take a look at Using VMware for Malware Analysis.
- Read about the 3 Phases of Malware Analysis Process to get an overview of the key aspects of the malware-reversing effort and a related article Mastering 4 Stages of Malware Analysis.
- To get a good sense of what typical output of the reversing process looks like, take a look at my post What to Include in a Malware Analysis Report and at Anuj Soni's article How to Track Your Malware Analysis Findings.
- As you continue to experiment with malware analysis, take a look at the cheat sheets I put together for reverse-engineering malware and analyzing malicious documents.
Malware Analysis Webcasts
I recorded several webcasts that can act as a good starting point for individuals getting into malware analysis:
- Introduction to Malware Analysis: Learn the two-phased approach to reversing malware, including an example of examining its code using a debugger.
- Introduction to Behavioral Analysis of Malicious Software: Take a closer look at the steps needed to analyze the behavior of a suspicious Windows executable, using a backdoor program as a practical example.
- Malware Analysis Essentials using REMnux: See some of my favorite REMnux tools in action for statically examining malicious Windows executables and other files.
- What's New in REMnux v4 for Malware Analysis: Get an overview of several handy tools added to REMnux as part of the version 4 release.
Books on Malware Analysis
There are also a few books you may want to explore to dig deeper into the topic of malware analysis, including:
- Practical Malware Analysis offers an excellent step-by-step walk-through of the steps and tools useful for examining malware. This book is good to read before as well as after taking the SANS FOR610 course on this topic.
- Malware Analyst's Cookbook provides amazing tips and tools for malware incident response and analysis, but is best for readers who have some familiarity with the topic beforehand.
Lenny Zeltser focuses on safeguarding customers' IT operations at NCR Corporation. He also teaches how to analyze malware at SANS Institute. Lenny is active on Twitter and writes a security blog.