diff --git a/public/s8ia1/malware-analysis.md b/public/s8ia1/malware-analysis.md index 3cc6de3..fb2285e 100644 --- a/public/s8ia1/malware-analysis.md +++ b/public/s8ia1/malware-analysis.md @@ -34,9 +34,7 @@ - **Types of Analysis**: - **Static Analysis**: Involves examining the malware without executing it, using tools to inspect the code, structure, and resources to infer its behavior. - **Dynamic Analysis**: Observes the malware in a controlled environment to monitor its behavior, system interactions, and network traffic in real-time. - - **Tools and Techniques**: Utilizes a variety of tools, including - - disassemblers, debuggers, and sandbox environments, to safely examine and understand the malware's inner workings. + - **Tools and Techniques**: Utilizes a variety of tools, including disassemblers, debuggers, and sandbox environments, to safely examine and understand the malware's inner workings. - **Outcome**: The insights gained from malware analysis contribute to developing stronger security measures, malware detection signatures, and understanding attack strategies to better defend against future threats. 6. **List and explain in brief malware analysis techniques** 
@@ -106,9 +104,7 @@ - **File Signature Analysis**: Checking the file's signature against a database of known malware signatures to quickly identify known threats. This includes examining the file's header for magic numbers that indicate file types. - **Hash Analysis**: Computing cryptographic hashes (e.g., MD5, SHA-1, SHA-256) of files and comparing them to known hashes of malware samples. Unique hashes can indicate new or modified malware. - **Anomaly Detection**: Identifying deviations from normal file structures or behaviors, such as unusual file sizes, unexpected embedded files, or atypical sections, which may suggest malicious intent. - - **File Dependency Analysis**: Examining external dependencies, such as DLLs, to understand how the malware interacts with the - - operating system and other software components. + - **File Dependency Analysis**: Examining external dependencies, such as DLLs, to understand how the malware interacts with the operating system and other software components. - **Heuristic Analysis**: Employing heuristic rules to identify suspicious characteristics or behaviors within files that may indicate malware, even if the exact signature is unknown. This can include the presence of packed or encrypted sections, the use of known malicious functions, or attempts to modify system settings. 16. **What is signature-based malware detection? Explain with example**
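Review bot: In the first hunk (`@@ -34,9 +34,7 @@`) the header accounts for a net loss of two lines, but only two `-` lines and one `+` line are visible, so a removed blank line between "including" and "disassemblers" seems to have been collapsed by the rendering; worth confirming in the raw patch that the blank line removal is intended, since that blank is what turned the continuation `- disassemblers, debuggers, ...` into a separate bullet in the first place. The join itself is correct and changes no wording.

Review bot: The second hunk (`@@ -106,9 +104,7 @@`) fixes the same wrapping defect, a continuation line starting with `- ` that rendered as a stray bullet ("operating system and other software components"), and its offset of -2 confirms the first hunk also dropped an invisible blank line. Since the same defect appears twice in one file, suggest scanning the rest of `malware-analysis.md` for list items whose continuation begins with `- ` before merging, rather than fixing them one at a time.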