When performing malware analysis, our certified analysts begin the analysis process by seeking to identify:
Once our analysts have established that a compromise has taken place and identified the malicious code, we use advanced static tools to ascertain specific information about the malware, including:
After the static pass, we analyze the identified malware with advanced dynamic tools to observe its actual behavior. If the sample is packed or obfuscated, we unpack and/or de-obfuscate it first, which lets us determine exactly which files and registry keys the malware creates or modifies in pursuit of its goals, and which remote hosts it communicates with.
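The point of the dynamic pass is to turn a sandbox trace into a concrete list of host and network indicators that the remediation step can act on. The following is an added example, not code from the original page or from the firm it describes; it assumes the dynamic tool exports Process Monitor-style CSV rows (Time, Process Name, PID, Operation, Path, Result, Detail), and the log it parses is constructed for illustration, with invented paths and hosts.

```python
"""Reduce a sandbox trace to the files written, registry keys set and
network endpoints contacted by one process, then flag persistence.

Added example; assumes Procmon-style CSV export. SAMPLE_LOG is constructed.
"""
import csv
import io
import json

# Constructed trace: a dropper writes a copy of itself to AppData, installs a
# Run key, beacons out, and probes for a config file that does not exist.
SAMPLE_LOG = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","invoice.exe","4120","CreateFile","C:\\Users\\victim\\AppData\\Roaming\\svch0st.exe","SUCCESS","Desired Access: Generic Write"
"10:01:02.2","invoice.exe","4120","WriteFile","C:\\Users\\victim\\AppData\\Roaming\\svch0st.exe","SUCCESS","Offset: 0, Length: 51200"
"10:01:02.3","invoice.exe","4120","ReadFile","C:\\Windows\\System32\\kernel32.dll","SUCCESS","Offset: 0, Length: 4096"
"10:01:02.4","invoice.exe","4120","RegSetValue","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater","SUCCESS","Type: REG_SZ, Data: C:\\Users\\victim\\AppData\\Roaming\\svch0st.exe"
"10:01:02.5","invoice.exe","4120","RegQueryValue","HKLM\\SOFTWARE\\Microsoft\\Cryptography\\MachineGuid","SUCCESS","Type: REG_SZ"
"10:01:03.0","invoice.exe","4120","TCP Connect","WIN-LAB:49713 -> 203.0.113.25:443","SUCCESS","Length: 0"
"10:01:03.1","invoice.exe","4120","CreateFile","C:\\Users\\victim\\AppData\\Roaming\\config.dat","NAME NOT FOUND","Desired Access: Generic Read"
"10:01:04.0","explorer.exe","1234","RegSetValue","HKCU\\Software\\Classes\\Local Settings\\MuiCache","SUCCESS","Type: REG_SZ"
"""

# Operations that change state on the host; reads and queries are noise here.
FILE_WRITE_OPS = {"WriteFile", "SetDispositionInformationFile", "SetRenameInformationFile"}
REG_WRITE_OPS = {"RegSetValue", "RegCreateKey", "RegDeleteValue", "RegDeleteKey"}
NET_OPS = {"TCP Connect", "TCP Send", "UDP Send"}

# Registry locations whose modification commonly means persistence.
PERSISTENCE_MARKERS = (
    "\\CurrentVersion\\Run",
    "\\CurrentVersion\\RunOnce",
    "\\Winlogon\\Shell",
    "\\Winlogon\\Userinit",
    "\\Services\\",
)


def profile_behavior(log_text, process_name):
    """Return sorted lists of files written, registry keys written and
    remote endpoints contacted by `process_name`. Only SUCCESS rows count:
    a failed open tells us what the sample looked for, not what it changed."""
    profile = {"files_written": set(), "registry_written": set(), "network": set()}
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["Process Name"] != process_name or row["Result"] != "SUCCESS":
            continue
        op, path, detail = row["Operation"], row["Path"], row["Detail"]
        # CreateFile with write access is a write even before any WriteFile row.
        if op in FILE_WRITE_OPS or (op == "CreateFile" and "Generic Write" in detail):
            profile["files_written"].add(path)
        elif op in REG_WRITE_OPS:
            profile["registry_written"].add(path)
        elif op in NET_OPS:
            # Procmon formats network paths as "local -> remote"; keep the remote side.
            profile["network"].add(path.split("->")[-1].strip())
    return {k: sorted(v) for k, v in profile.items()}


def persistence_entries(profile):
    """Registry writes that land in known autostart locations (case-insensitive)."""
    return [
        key for key in profile["registry_written"]
        if any(marker.lower() in key.lower() for marker in PERSISTENCE_MARKERS)
    ]


if __name__ == "__main__":
    result = profile_behavior(SAMPLE_LOG, "invoice.exe")
    result["persistence"] = persistence_entries(result)
    print(json.dumps(result, indent=2))
```

Filtering on the sample's own process name is deliberate: unrelated activity such as explorer.exe updating MuiCache would otherwise pollute the indicator list, and an over-broad indicator list is what turns remediation into an outage. On a real run the same profile would be extended with child processes spawned by the sample and with dropped files that are themselves executed.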
Advanced malware can make analysis much more difficult by requiring specific, custom command-line options or passwords before it will run, and by detecting virtualization, debuggers and analysis tools. When we identify such malware, our analysts perform code analysis to understand these checks. Using that insight, they modify and manipulate the malware code so that it executes in a controlled environment, allowing its full intent and behavior to be discerned.
The final step of our analysis leverages all of the information gathered above to achieve the end goal of malware analysis: full remediation. The specificity of the information we collect allows us to remediate completely with as little impact on business operations as possible.