Following the great works by EvilCry, I have decided it's time to release some of my past and present works on Malware Analysis (some of them will be coming soon). This is in the hope of igniting some interests in Malware Analysis via Reverse Engineers mindset.
This tutorial is written to provide a better understanding of where to find information and what is the aim of most Trojans. Their aim is simply to steal information or to act as a Bot in a Botnet. Please note that this article has been written for learning purposes and not for complex functionality. In the early days, there were many incidents where users received emails with malicious CHM (Microsoft Compiled HTML Help) and DOC (Microsoft Office Word Document) attachments containing Trojan Riler which is also known as BackDoor-BCB.
So I have decided to impart some of my knowledge on Forensics in order to complete this tutorial, writing Introduction to Malware Techniques and Logics. The tutorial will cover different issues:
How to decompile .CHM files.
How to detect and analyse the shellcode
How to dump the backdoor components
How to discover the communication protocol
I hope that this could begin a new chapter in the ongoing series of Reverse Engineering and Forensics guides from ARTeam and spark a new interest. Today's topic will go over Introduction to Malware Techniques and Logics.
This paper attempts to document an approach on how the malware developers make use of the Macros and vulnerabilities to install malicious software on the vulnerable machine. We hope this document will help the future Reverse Engineers and Forensics guys / gals to conduct a more viable and comprehensive research.
This article does not claim to be complete, exclusivity and is geared towards beginners.