To be able to write or modify a program that analyzes the metadata of a packed program in an attempt to determine visualizable information about packed samples of malware, one has to have a deep understanding of how the Portable...

I recently gained access to VirusShare and downloaded 65,536 samples (00353.zip, for those interested). Due to my inability to search the way I expected to be able to for specific kinds of samples on VirusShare’s website, I decided to download...

Binary instrumentation is a technique that inserts extra code into a program to collect runtime information, as defined by this source. Intel PIN provides a rich library used to do just this.

Abstract

OllyDump

Lab summary questions Considering malware analysis as a whole, how important is it to a general aspiring analyst to complete this chapter’s exercises?

Chapter summary questions In two sentences or less, provide an overview of what this chapter is about. What are the three most important takeaways from this chapter? What problems does this chapter address? In other words, why should we care...

Lab summary questions Considering malware analysis as a whole, how important is it to a general aspiring analyst to complete this chapter’s exercises?