Malware analysis for windows administrators
Author
Abstract
Malware is continually evolving, and anti-virus vendors have a hard time keeping up. In some cases, the vendors may opt not to include a signature for a particular piece of malware. However, this does not prevent Windows administrators from using freeware tools and techniques to analyze the files and develop their own prevention and detection mechanisms.
Purpose
The purpose of this article is to provide Windows administrators with tools and techniques that can be used to analyze suspicious files found on their systems. This analysis can lead to security mechanisms that can be implemented to protect the network infrastructure.
Similar resources
The Cousins of Stuxnet: Duqu, Flame, and Gauss
Stuxnet was the first targeted malware that received worldwide attention for causing physical damage in an industrial infrastructure seemingly isolated from the online world. Stuxnet was a powerful targeted cyber-attack, and soon other malware samples were discovered that belong to this family. In this paper, we will first present our analysis of Duqu, an information-collecting malware sharing ...
Design and Development of a Command-line Tool for Portable Executable File Analysis and Malware Detection in IoT Devices
Recently, Microsoft unveiled a new operating system called Windows 10. As it is highly expected that Windows 10 will play a significant role in the Internet of Things era, the Portable Executable (PE) format is drawing attention even more widely than before. PE is a standard file format for executables and object code used in MS Windows operating systems. Since a number of various malwares have...
Internals of Windows Memory Management (not only) for Malware Analysis
This document presents insights from extensive reverse engineering efforts of the memory management mechanisms of Windows XP. The focus lies on (1) the mechanisms which are used to map executable modules into the address space and (2) the role of the page fault handler in this context.
Detection of Malware and Malicious Executables Using E-Birch Algorithm
Malware detection is one of the challenges to the modern computing world. Web mining is the subset of data mining used to provide solutions for complex problems. Web intelligence is the new hope for the field of computer science to bring solutions for malware detection. Web mining is the method of web intelligence to make the web an intelligent tool to combat malware and phishing websites. Ge...
Malware Detection using Windows API Sequence and Machine Learning
Monitoring the behavior of program execution at run-time is widely used to differentiate benign and malicious processes executing in the host computer. Most of the existing run-time malware detection methods use the information available in Windows Application Programming Interface (API) calls. The proposed malware detection system uses the Windows API call sequence. A 3rd order Markov chain (i...
Journal title: Digital Investigation
Volume 2 Issue
Pages -
Publication date: 2005