Tripati3000/static-ANALYSIS

HANDS ON STATIC ANALYSIS 🧑‍💻

  • Get the malware sample you want and download it (go and copy-paste the link into the browser to download) - Malware
  • Download HxD (a hex editor), open the malware file in it and search for the keywords below.
  • Find the keywords: 4D 5A, MZ, "This program cannot be run in DOS mode"
  • If the file contains these keywords it is an executable, whatever its extension (jpeg, jpg, pdf, exe or anything else) claims; that is how the sample is identified as an executable malware file.
  • If we make changes such as renaming a jpeg to exe, or any other change to the name, the file's content does not change and the keywords stay ❌
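
The same check the tutorial does by hand in HxD, as an added example (not part of the original repository): the script looks for the MZ bytes at offset 0, follows the e_lfanew field at offset 0x3C to the "PE\0\0" signature, and searches for the DOS stub message. The sample bytes are constructed inline (a minimal PE header, not a real malware file), and the `extension_mismatch` helper is an assumption of this example that shows why renaming a file does not fool the check.

```python
import struct

# The three markers the tutorial searches for in HxD.
DOS_STUB_MSG = b"This program cannot be run in DOS mode."
MZ_MAGIC = b"MZ"            # bytes 4D 5A at offset 0
PE_MAGIC = b"PE\x00\x00"    # found at the offset stored in e_lfanew (offset 0x3C)
E_LFANEW = 0x80             # where the constructed sample places the PE signature


def build_pe_header() -> bytes:
    """Constructed sample: a minimal PE header (not a real malware file)."""
    dos = bytearray(64)                         # IMAGE_DOS_HEADER is 64 bytes
    dos[0:2] = MZ_MAGIC
    dos[0x3C:0x40] = struct.pack("<I", E_LFANEW)
    body = bytes(dos) + DOS_STUB_MSG + b"\r\r\n$\x00"
    body += b"\x00" * (E_LFANEW - len(body))    # pad up to e_lfanew
    return body + PE_MAGIC + b"\x00" * 20       # an empty COFF header is enough here


def header_markers(data: bytes) -> dict:
    """Report which of the tutorial's markers are present in the raw bytes."""
    mz = data[:2] == MZ_MAGIC
    pe = False
    if mz and len(data) >= 0x40:
        off = struct.unpack_from("<I", data, 0x3C)[0]
        pe = off + 4 <= len(data) and data[off:off + 4] == PE_MAGIC
    return {"MZ": mz, "PE": pe, "dos_stub": DOS_STUB_MSG in data}


def is_pe_executable(data: bytes) -> bool:
    """MZ plus a valid PE signature: the content is a Windows executable."""
    m = header_markers(data)
    return m["MZ"] and m["PE"]


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when the name claims a non-executable type but the bytes are PE.
    (Extension list is an assumption of this example.)"""
    exe_exts = (".exe", ".dll", ".sys", ".scr", ".cpl")
    return is_pe_executable(data) and not filename.lower().endswith(exe_exts)


def triage(filename: str, data: bytes) -> str:
    """One-line verdict in the spirit of the HxD check."""
    if not is_pe_executable(data):
        return f"{filename}: no MZ/PE header, not a Windows executable"
    if extension_mismatch(filename, data):
        return f"{filename}: PE executable disguised with a non-executable extension"
    return f"{filename}: PE executable"


if __name__ == "__main__":
    sample = build_pe_header()
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 60   # constructed JPEG-like header
    for name, blob in [("dropper.exe", sample), ("holiday.jpg", sample), ("holiday.jpg", jpeg)]:
        print(triage(name, blob), header_markers(blob))
```

The verdict comes from the bytes alone: the same buffer named `holiday.jpg` is still reported as a PE executable, while a real JPEG header with the same name is not.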

Checking which type of malware the file is (trojan, virus or something else)

Open HashMyFiles

Drag the file onto it 👇 and copy 🔗 the hash line it shows 👍


After copying the hash 🔗, paste it into VirusTotal in the browser


It shows the malware file's details 👍


If you want to search for strings or anything else in the malware file, you can use BinText (you can download the raw file from my added files)

  • Install it and open it up 👇

  • Drag the file into it 👇 and search for whatever you want to know 👍


Packing

Packing in malware is like wrapping it in layers of disguise to make it harder for security tools to detect, a bit like putting a fancy cover on a book to hide its real content. The packed malware looks harmless at first glance, but once it is unpacked its true harmful nature is revealed. Attackers use this technique to hide files so that VirusTotal and similar websites do not detect them.

Some popular packers are:

  • UPX (Ultimate Packer for eXecutables)
  • PECompact
  • Themida
  • VMProtect
  • Armadillo

Let's see how it is done

Encode (find out which packer it uses)

Drag the file here 👇 and you can see that it is UPX


Decode (unpacking and spotting the difference)

Download cmder - https://cmder.app/

Run ls to list the folders

Change into the folder where you saved the malware file: cd malware

Now you are in the malware folder, so run ls again

Copy and paste the filename, or type ( upx -d -o newfilename filename ) and run it

  • -d decompresses (unpacks) the file
  • -o names the output file

After that you have two files with the same content, the packed and the unpacked version, and you can spot the difference by the file size, like

  • (same file name) packed malware file = 12 KB
  • (same file name) unpacked malware file = 54 KB
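
The Encode and Decode steps above in code, as an added example that is not part of the original repository: a small PE section-table parser that reports the packer the way the "Encode" tool does (UPX names its sections UPX0/UPX1 and leaves a "UPX!" marker in the file) and compares the sizes the way the "Decode" step does. It goes a little beyond the page by also comparing each section's SizeOfRawData with its VirtualSize, since a packed file has much less data on disk than it occupies in memory. Both samples are constructed inline with the `build_pe` helper (not real binaries) and their sizes only mimic the 12 KB / 54 KB difference on the page.

```python
import struct

SECTION_HDR = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes
COFF_HDR = "<HHIIIHH"          # IMAGE_FILE_HEADER, 20 bytes
E_LFANEW = 0x80
OPT_HDR_SIZE = 224             # size of a PE32 optional header
FILE_ALIGN = 0x200
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def build_pe(sections) -> bytes:
    """Constructed sample builder (not a real binary). sections is a list of
    (name, VirtualSize, SizeOfRawData); raw section bytes are filled with 0xCC."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    dos[0x3C:0x40] = struct.pack("<I", E_LFANEW)
    head = bytes(dos) + b"This program cannot be run in DOS mode.\r\r\n$\x00"
    head += b"\x00" * (E_LFANEW - len(head))
    coff = struct.pack(COFF_HDR, 0x14C, len(sections), 0, 0, 0, OPT_HDR_SIZE, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\x00" * (OPT_HDR_SIZE - 2)   # PE32 magic, rest zero
    headers_len = E_LFANEW + 4 + len(coff) + len(opt) + 40 * len(sections)
    raw_ptr = (headers_len + FILE_ALIGN - 1) & ~(FILE_ALIGN - 1)     # first raw section offset
    table, payload, va = b"", b"", 0x1000
    for name, vsize, rsize in sections:
        ptr = raw_ptr + len(payload) if rsize else 0
        table += struct.pack(SECTION_HDR, name.encode().ljust(8, b"\x00"),
                             vsize, va, rsize, ptr, 0, 0, 0, 0, 0x60000020)
        payload += b"\xCC" * rsize
        va += (vsize + 0xFFF) & ~0xFFF
    image = head + b"PE\x00\x00" + coff + opt + table
    return image + b"\x00" * (raw_ptr - len(image)) + payload


def parse_sections(data: bytes) -> list:
    """Walk the DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature: not a PE file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\x00\x00":
        raise ValueError("no PE signature at e_lfanew")
    nsect = struct.unpack_from("<H", data, pe_off + 6)[0]        # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]    # SizeOfOptionalHeader
    start = pe_off + 24 + opt_size
    out = []
    for i in range(nsect):
        f = struct.unpack_from(SECTION_HDR, data, start + 40 * i)
        out.append({"name": f[0].rstrip(b"\x00").decode("ascii", "replace"),
                    "virtual_size": f[1], "raw_size": f[3]})
    return out


def detect_packer(data: bytes):
    """'UPX' when UPX section names or its 'UPX!' marker are present, else None."""
    names = {s["name"] for s in parse_sections(data)}
    if names & UPX_SECTION_NAMES or b"UPX!" in data:
        return "UPX"
    return None


def size_report(data: bytes) -> dict:
    """File size plus how much the sections grow from disk to memory."""
    secs = parse_sections(data)
    raw = sum(s["raw_size"] for s in secs)
    virt = sum(s["virtual_size"] for s in secs)
    return {"file_size": len(data), "raw_bytes": raw, "virtual_bytes": virt,
            "expansion_ratio": round(virt / raw, 2) if raw else None}


# Constructed samples: a UPX-style layout (empty UPX0, small UPX1) and the
# same program laid out unpacked with .text/.data holding their real bytes.
PACKED = build_pe([("UPX0", 0x9000, 0), ("UPX1", 0x3000, 0x2400), (".rsrc", 0x1000, 0x200)])
UNPACKED = build_pe([(".text", 0x6000, 0x6000), (".data", 0x3000, 0x3000), (".rsrc", 0x1000, 0x200)])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED), ("unpacked", UNPACKED)):
        print(label, detect_packer(blob), [s["name"] for s in parse_sections(blob)], size_report(blob))
```

The actual unpacking is still the page's `upx -d -o newfilename filename` command; this script only reproduces the identification and the size comparison, and the expansion ratio gives a second signal when a packer has renamed its sections to something less obvious than UPX0/UPX1.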

Results

  • It has all these keywords 4D 5A, MZ, "This program cannot be run in DOS mode", so it is an executable and the malware sample ✅
  • If we make changes to it (such as the extension) it is still an executable ✅
  • It uses UPX for packing ✅
  • Packed malware can be spotted by its file size ✅
