Introduction
The threat that malicious software poses to the digital world is growing rapidly. According to AV-TEST, the cumulative number of malware samples was expected to exceed 700 million by 2020 (AV-TEST, 2020). Such a volume cannot be handled manually, so networking and security researchers rely on malware identification and detection systems, which work in two stages, detection and analysis, using a static, dynamic or combined approach. The main goal of malware analysis is to record and capture the properties of a sample, which can then be used to improve security measures and make evasion as difficult as possible. Figure 1 shows a classification of malware; malware can take any form, such as a script, a segment of code or another binary. Its purpose is to gain control of the system, disrupt computer services, hijack available functions, steal restricted information and damage resources.
Figure 1. Classification of malware
Illegal applications sometimes act as a cover for malware: attempting to download cracked or pirated software from many websites may download the malware itself. Such malicious software is not limited to executable code; it can also act as a downloader for further malicious files, such as portable document format (PDF) documents, or for links to them. According to VirusTotal, 47.80% of malicious files are executables (the figure is drawn from more than 100M files with original information, more than 16M portable executables from distinct URLs, more than 20M files with rich telemetry data and more than 700,000 emails with contextual information). The intention here is therefore to dissect these executables. Malware is commonly categorised as Trojan horse, virus, worm, adware or backdoor. Some samples cannot be placed in a single group, because they combine attributes of several classes; these are sometimes referred to simply as generic malicious files. Malware files are dissected using static and dynamic techniques.
Figure 2. Records obtained from cybercrime magazine
Figure 2 shows statistical records gathered from Cybercrime Magazine (Morgan, 2019) on ransomware attacks on businesses. It is estimated that total damage costs will exceed $20 billion by 2021 and that a business will be attacked every 11 seconds by the end of 2021.
The three basic methods for analysing malware are as follows.
Static Analysis
Static analysis is a method in which executable files are examined for malware without running them in a dynamically controlled environment. Executable files carry numerous static features, such as their sections and the header fields that describe the image's memory layout. The Portable Executable (PE) file format can be parsed with the pefile Python library, which extracts such static features from executable files.
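As an added illustration of what "static features" means in practice, the following pure-Python parser (not code from the original article, and not the pefile library itself) reads the DOS header, COFF header, optional header and section table of a PE image using offsets from the PE/COFF specification, then derives per-section entropy and a few heuristic findings. The `build_sample_pe` helper constructs a minimal PE32+ image as sample input; it is not a real program, and the 7.0 entropy threshold for "possibly packed" is an assumed rule of thumb, not a value from the page.

```python
import math
import struct
from collections import Counter

# Section characteristic flags from the PE/COFF specification
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
PACKED_ENTROPY_THRESHOLD = 7.0  # rule-of-thumb cut-off for packed/encrypted code (assumption)


def shannon_entropy(buf):
    """Bits per byte: ~8.0 looks compressed or encrypted, ~0.0 is padding."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum((c / n) * math.log2(c / n) for c in Counter(buf).values())


def parse_pe(data):
    """Parse DOS header, COFF header, optional header and section table.

    Returns static features plus heuristic findings; raises ValueError on
    malformed input rather than trusting attacker-controlled offsets.
    """
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:    # PE32+: 8-byte ImageBase at +24
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    elif magic == 0x10B:  # PE32: BaseOfData at +24, 4-byte ImageBase at +28
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]

    sections, findings, entry_section = [], [], None
    for i in range(nsections):
        (name, vsize, va, raw_size, raw_ptr, _, _, _, _,
         chars) = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        if raw_ptr + raw_size > len(data):
            findings.append("section %r raw data runs past end of file" % name)
        sec = {
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": va, "virtual_size": vsize, "raw_size": raw_size,
            "entropy": shannon_entropy(data[raw_ptr:raw_ptr + raw_size]),
            "executable": bool(chars & IMAGE_SCN_MEM_EXECUTE),
            "writable": bool(chars & IMAGE_SCN_MEM_WRITE),
        }
        sections.append(sec)
        if va <= entry_rva < va + max(vsize, raw_size):
            entry_section = sec["name"]
        if sec["executable"] and sec["writable"]:
            findings.append("section %s is writable and executable" % sec["name"])
        if sec["executable"] and sec["entropy"] > PACKED_ENTROPY_THRESHOLD:
            findings.append("section %s has entropy %.2f (possibly packed)"
                            % (sec["name"], sec["entropy"]))
    if entry_section is None:
        findings.append("entry point 0x%x lies outside every section" % entry_rva)
    return {"machine": machine, "pe32plus": magic == 0x20B, "timestamp": timestamp,
            "image_base": image_base, "entry_point": entry_rva, "subsystem": subsystem,
            "entry_section": entry_section, "sections": sections, "findings": findings}


def build_sample_pe(entry_rva=0x1000):
    """Constructed PE32+ image with a .text and a .data section (not a real program)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew: PE signature follows DOS header
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0x5E0C3B00, 0, 0, 240, 0x0022)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)            # PE32+ magic
    struct.pack_into("<I", opt, 16, entry_rva)       # AddressOfEntryPoint
    struct.pack_into("<Q", opt, 24, 0x140000000)     # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)  # SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x3000, 0x400)  # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)               # Subsystem: Windows GUI
    struct.pack_into("<I", opt, 108, 16)             # NumberOfRvaAndSizes
    text = bytes(range(256)) * 2                     # every byte value equally often: entropy 8.0
    data_sec = b"\0" * 0x200                         # zero padding: entropy 0.0
    hdrs = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x400, 0, 0, 0, 0,
                       IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
    hdrs += struct.pack("<8sIIIIIIHHI", b".data", 0x200, 0x2000, 0x200, 0x600, 0, 0, 0, 0,
                        IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs).ljust(0x400, b"\0")
    return headers + text + data_sec


if __name__ == "__main__":
    for key, value in parse_pe(build_sample_pe()).items():
        print(key, value)
```

On the constructed image the parser reports a 64-bit GUI executable whose entry point lands in `.text`, and flags `.text` as possibly packed because its bytes are uniformly distributed. Real samples should be parsed the same way, from the bytes on disk, without ever executing them; for production work the pefile library handles many more header fields and malformed-file corner cases than this sketch.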
Dynamic Analysis
Dynamic analysis is a method in which malicious files are examined while they run in a dynamically controlled environment. When the malicious code runs, it may modify registry keys on the host and tamper with the operating system (OS). Cuckoo Sandbox or Noriben can be used to conduct the dynamic examination of malicious files. The fundamental point is to use the sandbox to isolate the real system from the testing environment and to extract the required data from the malware's execution. These sandboxes provide complete information about the execution of the malware file in a report. The report contains numerous sections, each dealing with a distinct kind of information; features obtained from it include registry keys, files, a summary, Internet Protocol (IP) addresses and Domain Name System (DNS) queries (Ijaz et al., 2019), among many others.
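As an added example, not from the original article or from the Cuckoo project, the function below pulls the features just listed (files, registry keys, IP addresses and DNS queries) out of a sandbox report and attaches three simple heuristics: a Run-key write as a persistence indicator, an executable touched in a Temp directory as a dropper indicator, and a contacted IP address that no DNS answer explains as a hard-coded C2 candidate. `SAMPLE_REPORT` is a constructed report in the shape of a simplified Cuckoo `report.json`; it is an assumption that real reports use these key names (they vary between Cuckoo versions and carry far more data), so adapt the accessors to the report you actually have.

```python
import json
import re

# Constructed sample shaped like a simplified Cuckoo Sandbox report.json (assumption:
# real reports carry many more keys, and newer versions name the summary keys differently)
SAMPLE_REPORT = json.dumps({
    "info": {"id": 1},
    "behavior": {"summary": {
        "files": ["C:\\Users\\victim\\AppData\\Local\\Temp\\svch0st.exe",
                  "C:\\Windows\\System32\\kernel32.dll",
                  "C:\\Users\\victim\\AppData\\Local\\Temp\\svch0st.exe"],
        "keys": ["HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
                 "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"],
        "mutexes": ["Global\\updater_mutex"],
    }},
    "network": {
        "hosts": ["203.0.113.45", "198.51.100.7", "203.0.113.45"],
        "dns": [{"request": "update.example.net", "type": "A",
                 "answers": [{"type": "A", "data": "203.0.113.45"}]},
                {"request": "update.example.net", "type": "A", "answers": []}],
    },
})

# Heuristics (assumed rules of thumb, not taken from the article)
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
TEMP_EXE_RE = re.compile(r"\\Temp\\[^\\]+\.(exe|dll|scr)$", re.IGNORECASE)


def extract_features(report_json):
    """Extract the report features the text lists and attach heuristic findings."""
    report = json.loads(report_json)
    summary = report.get("behavior", {}).get("summary", {})
    network = report.get("network", {})
    files = sorted(set(summary.get("files", [])))
    keys = sorted(set(summary.get("keys", [])))
    hosts = sorted(set(network.get("hosts", [])))
    queries = sorted({q["request"] for q in network.get("dns", []) if q.get("request")})

    # Map each queried name to the A records it resolved to, so a contacted host
    # can be tied back to a lookup (or shown to have none).
    resolved = {}
    for q in network.get("dns", []):
        for a in q.get("answers", []):
            if a.get("type") == "A":
                resolved.setdefault(q["request"], set()).add(a["data"])
    resolved_ips = set().union(*resolved.values()) if resolved else set()

    findings = []
    for k in keys:
        if RUN_KEY_RE.search(k):
            findings.append("persistence: Run key written " + k)
    for f in files:
        if TEMP_EXE_RE.search(f):
            findings.append("dropper: executable in Temp directory " + f)
    for h in hosts:
        if h not in resolved_ips:
            findings.append("hard-coded C2 candidate: contacted without DNS lookup " + h)
    return {"files": files, "registry_keys": keys,
            "mutexes": sorted(set(summary.get("mutexes", []))),
            "hosts": hosts, "dns_queries": queries,
            "resolved": {d: sorted(v) for d, v in resolved.items()},
            "findings": findings}


if __name__ == "__main__":
    print(json.dumps(extract_features(SAMPLE_REPORT), indent=2))
```

Deduplicating and sorting each list makes the output stable across runs, which matters when report features are later fed to a classifier. The findings are indicators to review, not verdicts: a legitimate installer also writes Run keys and drops executables in Temp, which is why dynamic features are combined with static ones rather than used alone.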