A Survey on Malware Analysis

Abstract: Software that “deliberately fulfils the harmful intent of an attacker” is referred to as malicious software or malware. Malware is today one of the biggest security threats to the Internet. Malware refers to any binary or executable that is malicious. Viruses, worms, trojans, backdoors and adware are a few examples that fall under the umbrella of malware. Malware analysis is the process of analysing a malware sample/binary and extracting as much information as possible from it. The information we extract helps us understand the scope of the functionality of the malware, how the software was infected with the malware and how to defend against similar attacks in the future. Malware analysis experiments were carried out using the two techniques of malware analysis which are Static and Dynamic analysis. Static analysis is the process of analysing malware without executing or running it. The objective is to extract as much metadata from the malware as possible. Dynamic analysis is the process of executing malware and analysing its functionality and behavior. The objective is to investigate techniques that are used in order to effectively perform malware analysis and detection on enterprise systems to reduce the damage of malware attacks on the operation of organization’s and to understand exactly how and what the malware does during the execution. The variants of malware families share typical behavioral patterns reflecting their origin and purpose. The behavioral patterns obtained either statically or dynamically can be exploited to detect and classify unknown malwares. The results showed that dynamic analysis is more effective than static analysis. Both the techniques are used for a comprehensive malware analysis and detection.

Keywords: Malware, Static analysis, dynamic analysis and Obfuscation.