- what it is
- where the malware came from
- how the system was infected
- what the malware actually does (its functionality)
- what damage it did to the system
There are two types of analysis:
- Static analysis = analyze the malware from its binary/code, without running it, to understand its functionality.
- Behavioral (dynamic) analysis = run the malware in a controlled environment and analyze what it does.
Just follow all the steps one by one; by the end you will understand what you did and why.
Let's start with behavioral analysis. :D
Step 1 - Download the OS
- I used a Windows 7 machine to plant the virus and analyze it.
- I used a REMnux Linux virtual machine for network resolution (fake DNS resolution, Wireshark analysis, that kind of thing).
Step 2 = Setting up the Windows 7 OS
1. First of all, switch off the firewall. :P Before the sample is ever run, both VMs must sit on an isolated, host-only network with no route to the Internet or to your host; the firewall is disabled so the sample's traffic reaches REMnux and Wireshark unfiltered, not so that it can reach the outside world.
(screenshot: firewall disabled)
2. Windows 7 network configuration: a static address in the lab subnet, with REMnux set as the DNS server so fakedns receives and answers the sample's lookups.
(screenshot: Windows 7 network configuration)
3. Download and install some tools (search for them on Google); I will describe them as I use them. (Names and icons are in the screenshot.)
4. Additionally, download strings2.exe and upx.exe and copy them to the C:\Windows\System32 directory so they are on the PATH (just google for the latest version).
5. Take a snapshot of the configured environment (optional, but strongly recommended: you will want to revert to this clean state after every run of the sample).
Step 3 = Setting up the REMnux OS
1. Set the REMnux IP address (in the same lab subnet as Windows 7).
2. Ping from REMnux to the Windows 7 machine (in the terminal, use the command below):
ping 172.16.124.150
Ping from Windows 7 to REMnux (in the Windows 7 cmd):
ping 172.16.124.10
3. Start Wireshark on REMnux.
4. If you expect the virus to communicate over the web or IRC, or to need DNS resolution, it is better to start these services on REMnux so the sample talks to them instead of the real Internet. The commands are:
ircd start
httpd start
fakedns
(screenshot: service start)
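To confirm the lab above is actually wired the way the steps intend (Windows 7 reachable, every DNS lookup sinkholed to REMnux, nothing leaving the lab subnet) and to pull a first list of indicators out of the Wireshark capture, here is a small shell script for the REMnux side. It is an added example, not code from the original post or from the REMnux project. It assumes the addresses used in this post (REMnux 172.16.124.10, Windows 7 172.16.124.150) and that fakedns answers every lookup with the REMnux address; the tshark field names in the comments are standard Wireshark display-filter fields, and the sample data at the bottom is constructed for offline use, not a real capture.

```shell
#!/bin/sh
# Added example: sanity checks for the Windows 7 / REMnux lab above, plus a first
# IOC pull from the Wireshark capture. This is not code from the original post.
# Assumes the addresses used in the post (REMnux 172.16.124.10, Windows 7 172.16.124.150)
# and that fakedns answers every lookup with the REMnux address.

REMNUX_IP=172.16.124.10
WIN7_IP=172.16.124.150
LAB_PREFIX=172.16.124.   # the lab /24; a destination outside it means traffic escaped the sandbox

# in_lab_subnet IP: succeeds if IP is inside the lab /24
in_lab_subnet() {
    case "$1" in
        "$LAB_PREFIX"*) return 0 ;;
        *) return 1 ;;
    esac
}

# fake_dns_ok ANSWERS: succeeds only if every answer is the REMnux IP, i.e. fakedns
# replied and nothing was resolved for real. ANSWERS is what `dig +short NAME @$REMNUX_IP`
# prints (one address per line); an empty answer means fakedns is not running.
fake_dns_ok() {
    [ -n "$1" ] || return 1
    for answer in $1; do
        [ "$answer" = "$REMNUX_IP" ] || return 1
    done
    return 0
}

# leaked_dests DESTS: prints (sorted, unique) every destination outside the lab subnet.
# DESTS is the output of: tshark -r cap.pcap -Y "ip.src==$WIN7_IP" -T fields -e ip.dst
leaked_dests() {
    for dest in $1; do
        in_lab_subnet "$dest" || printf '%s\n' "$dest"
    done | sort -u
}

# queried_domains NAMES: lower-cased, sorted, unique names the sample looked up (a first IOC list).
# NAMES is the output of: tshark -r cap.pcap -Y "dns.flags.response == 0" -T fields -e dns.qry.name
queried_domains() {
    printf '%s\n' $1 | tr 'A-Z' 'a-z' | sed '/^$/d' | sort -u
}

# check_lab: live checks to run on REMnux once both VMs are up (needs ping and dig on PATH).
check_lab() {
    ping -c 1 -W 1 "$WIN7_IP" >/dev/null || { echo "Windows 7 ($WIN7_IP) unreachable"; return 1; }
    fake_dns_ok "$(dig +short example.com "@$REMNUX_IP")" \
        || { echo "fakedns is not answering with $REMNUX_IP"; return 1; }
    echo "lab OK: Windows 7 reachable, fake DNS answering"
}

# Constructed sample data (not a real capture), so the helpers can be exercised offline.
SAMPLE_DNS_ANSWERS="172.16.124.10
172.16.124.10"
SAMPLE_DESTS="172.16.124.10
203.0.113.7
172.16.124.10"
SAMPLE_QUERIES="update.c2-example.invalid
irc.c2-example.invalid
UPDATE.c2-example.invalid"

if [ "${1:-}" = "--live" ]; then
    check_lab
else
    fake_dns_ok "$SAMPLE_DNS_ANSWERS" && echo "sample DNS answers: all from REMnux"
    echo "destinations outside the lab:"; leaked_dests "$SAMPLE_DESTS"
    echo "domains the sample queried:"; queried_domains "$SAMPLE_QUERIES"
fi
```

Run it with `--live` on REMnux after step 4 to check the lab before detonating anything; without arguments it runs the helpers over the constructed data. The leak check is the one worth keeping around: if `leaked_dests` ever prints an address after a run, the sample reached something outside the host-only network, and the whole analysis (and the snapshot you took in Step 2) should be treated as compromised.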