The main defense against malware continues to be antivirus software, which uses a combination of signatures and heuristic rules to detect malware infections. But where do the signatures come from? Security companies collect and inspect new malware samples to identify which ones are interesting enough for thorough analysis. Expert analysts use a variety of tools to reverse engineer and understand a suspected binary. This lab will go through the processes of static and dynamic analysis, and inspect an analysis report. Note that no live malware is involved in this lab, since handling live samples would be risky.
Part A: Static Analysis
As the name suggests, static analysis is an examination of a suspected binary or executable without actually executing it. Tools include disassemblers, decompilers, and source code analyzers. Typically, static analysis is incapable of giving a complete picture of the program’s behavior. In addition, malware creators can deliberately obstruct static analysis by means of packing, encryption, or obfuscation.
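As an added illustration (not part of the assignment text), the Python script below runs a strings-style scan and a per-chunk entropy check over a constructed byte blob: a readable region holding a DOS-stub message, two Windows API names and a URL, followed by a deterministic pseudo-random region that stands in for a packed or encrypted payload. The sample bytes, the 512-byte chunk size and the 7.0 entropy threshold are assumptions made for this example; they show what static analysis can read directly and where packing leaves it blind.

```python
import hashlib
import math
import re

# Constructed sample "binary" (not a real executable): a readable region padded
# to one 512-byte chunk, then a deterministic pseudo-random region that stands
# in for a packed/encrypted payload that string extraction cannot see into.
PLAIN_REGION = (
    b"MZ\x90\x00This program cannot be run in DOS mode.\x00"
    b"CreateRemoteThread\x00WriteProcessMemory\x00"
    b"http://example.invalid/update.bin\x00"
).ljust(512, b"\x00")
PACKED_REGION = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
SAMPLE = PLAIN_REGION + PACKED_REGION  # 512 + 2048 bytes


def extract_strings(data: bytes, min_len: int = 8) -> list:
    """Printable-ASCII runs of at least min_len bytes, like the `strings` tool."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for random/packed data, far lower for text or code."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def triage(data: bytes, chunk: int = 512, threshold: float = 7.0) -> dict:
    """Static triage: which strings are visible, and which chunks look packed."""
    entropies = [shannon_entropy(data[i:i + chunk]) for i in range(0, len(data), chunk)]
    high = [i for i, e in enumerate(entropies) if e > threshold]
    return {
        "strings": extract_strings(data),
        "chunk_entropy": [round(e, 2) for e in entropies],
        "high_entropy_chunks": high,   # chunk indices that look packed/encrypted
        "likely_packed": bool(high),
    }


if __name__ == "__main__":
    report = triage(SAMPLE)
    for s in report["strings"]:
        print("string:", s)
    print("entropy per 512-byte chunk:", report["chunk_entropy"])
    print("likely packed:", report["likely_packed"], "chunks:", report["high_entropy_chunks"])
```

The readable region yields the API names and URL an analyst would flag, while the high-entropy chunks contain nothing recoverable without unpacking, which is exactly where dynamic analysis takes over.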
Question 1:
Briefly summarize what static analysis attempts to learn from a suspected binary.
What are the limitations of static analysis, or in other words, why is dynamic analysis needed?
Part B: Dynamic Analysis
Dynamic analysis involves execution of a suspected binary or executable to learn about its possibly malicious behavior. Generally, dynamic analysis looks for suspicious behavior with regards to the following:
Actions on the machine where it is running, e.g., buffer overflows, file changes;
Network traffic, e.g., communications with C&C (command and control) servers;
Attempts to self-replicate.
Dynamic analysis can be complicated when malware creators design malware to change its behavior if it detects the presence of a virtual machine.
Clearly, execution should be done in a restricted environment like a sandbox to protect the network and other machines. There are obvious costs in computing resources and execution time. Thus, it is not feasible to carry out dynamic analysis for every suspected binary. In addition, a high level of technical expertise is needed to understand the results of dynamic analysis. Dynamic analysis, as well as static analysis, is much like detective work.
Use the textbook and online references to learn about dynamic analysis. A good introduction is available on the following webpage:
Infosec Institute. (n.d.). Dynamic analysis techniques. https://resources.infosecinstitute.com/malware-analysis-basic-dynamic-techniques/
Question 2:
Give an example of program behavior that can be learned only through dynamic analysis and not static analysis.
Question 3:
Briefly summarize the risks of dynamic analysis.
Part C: Seeing Results
You have the choice to install and experiment with a variety of software tools for static and dynamic analysis. An easier alternative is to try out one of the online services that allow you to submit a suspected binary and receive an analysis report. Some choices include the following:
VirusTotal. (n.d.). https://www.virustotal.com/gui/
Joe Sandbox Cloud. (n.d.). File analyzer. https://www.joesandbox.com/#windows
Joe Sandbox Cloud. (n.d.). Document analyzer. https://www.joesandbox.com/#windows
Another such service, Malwr, is a web interface to the Cuckoo Sandbox, which is a free tool for automated malware analysis. The documentation for the Cuckoo Sandbox is on the following site:
Cuckoo Sandbox. (n.d.). Cuckoo sandbox book.
Question 4:
Give an example of an analysis package included in Cuckoo Sandbox. Suggested reference:
Cuckoo Sandbox. (n.d.). Analysis packages.
Some of these online services offer sample reports.
Write a short report addressing the above questions in this lab.