# Malware Analysis

## Malware

Malware is malicious software. It refers to any software designed to harm, exploit, or destroy a computer system. Any software purposely built to harm the integrity and safety of a system is called malware.

## Types of Malware

1. Viruses : Replicate themselves and spread to other computers. A virus spreads by attaching itself to programs or files.
2. Worms : Replicate themselves and spread to other computers via the network.
3. Trojans : Pose as legitimate software while carrying malicious code. A trojan can act as a carrier for other malware and harmful functionality (keylogger or remote control, i.e. a RAT).
4. Ransomware : Encrypts the victim's files and demands payment.
5. Adware : Displays unwanted advertisements.
6. Backdoor : Leaves a way in so the attacker can come back again.
7. Banking Malware : Targets banking applications and causes money to be stolen.
8. Bot/Botnet : A machine infected and controlled by malware (slave).
9. Rootkit : Gains privileged/super-admin access without being detected (LOLbin). Remote root access to a computer.
10. Spyware : Monitors the user's activities (passive action, versus a trojan).

Extra: downloader vs dropper

* A downloader only fetches its payload when it receives a command from the server.
* A dropper already carries the payload attached to the file.

Malware can spread through multiple media such as email attachments, downloaded files, or the exploitation of vulnerabilities in application software or the operating system. Some malware is a combination of other malware types; for example, WannaCry combines a worm and ransomware.

## What is Malware Analysis

Malware analysis is the process of examining a malware sample in order to better understand its behaviour and capabilities. The objective of malware analysis is to understand how the malware works and how to detect and eliminate it. It involves analyzing the suspect binary in a safe environment to identify its characteristics and functionality so that better defenses can be built to protect an organization's network.

## Types of Malware Analysis

**Static Analysis** : In simple words, examining the malware without executing it. Reverse engineering methods are applied here. (to be continued)

**Dynamic Analysis** : Analyzing the malware's behaviour by running it on a system. (tbd)

**Memory Analysis** : Analyzing the computer's RAM for forensic artifacts, to get a better understanding of the system after infection. It is also used to determine the stealth and evasion capabilities of the malware.
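As an added example that is not part of these notes, here is a small static triage pass in Python: it hashes the sample, checks for a PE header, pulls printable strings and flags a few of them, all without executing anything. The sample bytes and the indicator patterns are constructed for the demo and are not from any real binary.

```python
import hashlib
import re
import struct

# Constructed sample, not a real binary: an MZ stub whose e_lfanew (offset 0x3c)
# points to "PE\0\0" at 0x80, then a few strings of the kind a triage pass looks for.
SAMPLE = (
    b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x80)
    + b"\x00" * (0x80 - 0x40)
    + b"PE\x00\x00"
    + b"http://example.invalid/update.bin\x00"
    + b"CreateRemoteThread\x00"
    + b"\x01\x02\x03ab\x00"
)

# Strings that deserve a closer look; hypothetical starter list, extend as needed.
INDICATORS = {
    "url": re.compile(r"https?://[^\s\"']+"),
    "suspicious_api": re.compile(r"CreateRemoteThread|VirtualAllocEx|WriteProcessMemory"),
}

def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 digests: the identifiers used to look a sample up and share it."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}

def is_pe(data: bytes) -> bool:
    """True if the bytes carry an MZ stub and a PE signature where e_lfanew says it is."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_offset = struct.unpack_from("<I", data, 0x3C)[0]
    return data[pe_offset:pe_offset + 4] == b"PE\x00\x00"

def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Printable ASCII runs of at least min_len bytes, like the `strings` utility."""
    return [m.group().decode("ascii") for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def flag_indicators(strings: list) -> dict:
    """Group the extracted strings by which indicator pattern they match."""
    found = {name: [] for name in INDICATORS}
    for s in strings:
        for name, pat in INDICATORS.items():
            if pat.search(s):
                found[name].append(s)
    return found

def triage(data: bytes) -> dict:
    """One static pass: identify the sample, classify its format, list strings, flag indicators."""
    strings = extract_strings(data)
    return {"hashes": file_hashes(data), "is_pe": is_pe(data),
            "strings": strings, "indicators": flag_indicators(strings)}
```

Running `triage(open(path, "rb").read())` on a quarantined file gives the same report for real input; the hashes are what you would search for in a threat-intel or sandbox database before going any further.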

Next will cover setting up the lab environment.
