When performing malware analysis, our certified analysts begin the analysis process by seeking to identify:

INDICATORS OF COMPROMISE

  • Command and control (CnC) communications
  • Persistence
  • File system modifications
  • Registry key modifications

FUNCTIONALITY

Functionality, capabilities, level of sophistication and intentions of malicious code.

LEVEL OF RISK

Level of risk the malicious code poses to enterprise assets and processes.

EXTENT OF COMPROMISE

Extent of compromise for malicious code that infiltrated the enterprise environment.

Once our analysts have established that a compromise has taken place and identified the malicious code, we use advanced static tools to ascertain specific information about the malware, including:

HASHES OF MALWARE FILES

MALWARE SIGNATURES

COMPILATION DATES

STATE OF THE MALWARE

packed or obfuscated

DOMAIN NAMES

IP ADDRESSES

COMMAND LINE PARAMETERS

PASSWORDS
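As an added example, not part of this page or of the firm's own tooling, the following Python script performs the static triage items listed above on a constructed, PE-shaped byte blob: file hashes, the COFF compile timestamp, a whole-file entropy check as a packing heuristic, and extraction of domain names and IP addresses from printable strings. The sample bytes, the IoC strings inside it, the 7.0 entropy cutoff and the regular expressions are all assumptions for illustration, not values from any real sample.

```python
import hashlib
import math
import re
import struct
from datetime import datetime, timezone


def build_sample() -> bytes:
    """Construct a small PE-shaped byte blob for demonstration (an assumption).

    It carries only a DOS stub, a COFF header with a TimeDateStamp and one
    short string; it is not a real executable and cannot run.
    """
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64)  # e_lfanew at 0x3C -> PE header at offset 64
    # COFF header: Machine=i386, 3 sections, TimeDateStamp, symbol fields, opt. header size, flags
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 1700000000, 0, 0, 0, 0x102)
    strings = b"Connecting to update.example.test on 198.51.100.23\x00"  # constructed IoC strings
    return dos + b"PE\x00\x00" + coff + strings


SAMPLE = build_sample()
PACKED_ENTROPY_THRESHOLD = 7.0  # common heuristic cutoff; an assumption, not a standard


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the whole file, the identifiers normally shared in IoC lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def compile_timestamp(data: bytes):
    """Read the COFF TimeDateStamp from a PE file as an aware UTC datetime.

    Returns None when the data is not PE-shaped. The field is set by whoever
    built the binary, so treat it as a hint to corroborate, not as ground truth.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None
    # TimeDateStamp follows the 4-byte signature, Machine (2) and NumberOfSections (2)
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty data or one repeated byte, 8.0 for a flat distribution."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def looks_packed(data: bytes) -> bool:
    """Whole-file entropy heuristic; fuller triage also checks per-section entropy and section names."""
    return shannon_entropy(data) >= PACKED_ENTROPY_THRESHOLD


ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def extract_network_indicators(data: bytes) -> dict:
    """Pull IPv4 addresses and domain-like tokens out of printable ASCII runs."""
    ips, domains = set(), set()
    for run in ASCII_RUN.finditer(data):
        text = run.group().decode("ascii")
        ips.update(IPV4.findall(text))
        domains.update(DOMAIN.findall(text))
    return {"ips": sorted(ips), "domains": sorted(domains)}


def triage(data: bytes) -> dict:
    """Assemble the static-analysis facts into one record for the case file."""
    stamp = compile_timestamp(data)
    return {
        "hashes": file_hashes(data),
        "compiled": stamp.isoformat() if stamp else None,
        "entropy": round(shannon_entropy(data), 3),
        "packed": looks_packed(data),
        **extract_network_indicators(data),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key:>9}: {value}")
```

Two caveats a practitioner would apply to the output: file hashes change with any rebuild, so they identify one artifact rather than a family, and the compile timestamp and embedded strings are entirely under the author's control, which is why the page's next step, dynamic analysis of the unpacked sample, is where the observed behaviour is confirmed.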

After analyzing the identified malware with advanced static tools, we further analyze it with advanced dynamic tools to determine its specific behavior. If the malware is packed or obfuscated, we unpack and/or de-obfuscate it, which allows us to determine exactly which files and registry keys the malware modifies in pursuit of its malicious ends and with whom it communicates.

Advanced malware can make analysis much more difficult by requiring specific custom command line options or passwords to run, and by detecting virtualization, debuggers and analysis tools. When we identify advanced malware, our analysts perform code analysis to gain insight into the code. Using that insight, our analysts modify and manipulate the malware code so that it can be executed in a controlled environment, allowing its full intent and behavior to be discerned.

The final step of our analysis leverages all of the information gathered above to achieve the end goal of malware analysis: full remediation. The specificity of the information we collect allows us to remediate fully, with the least possible impact on business operations.