Packt+ | Advance your knowledge in tech

0

All Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Learning Malware Analysis

You're reading from Learning Malware Analysis Explore the concepts, tools, and techniques to analyze and investigate Windows malware

Product type Paperback

Published in Jun 2018

Publisher

ISBN-13 9781788392501

Length 510 pages

Edition 1st Edition

Concepts

Malware Analysis

Author (1):

Monnappa K A

View More author details

Table of Contents (19) Chapters

Title Page

Copyright and Credits

Dedication

Packt Upsell

Contributors

Preface

1. Introduction to Malware Analysis FREE CHAPTER

2. Static Analysis

3. Dynamic Analysis

4. Assembly Language and Disassembly Primer

5. Disassembly Using IDA

6. Debugging Malicious Binaries

7. Malware Functionalities and Persistence

8. Code Injection and Hooking

9. Malware Obfuscation Techniques

10. Hunting Malware Using Memory Forensics

11. Detecting Advanced Malware Using Memory Forensics

1. Other Books You May Enjoy

Leave a review - let other readers know what you think

Index

1. Detecting Code Injection

If you recall from Chapter 8, Code Injection and Hooking, code injection is a technique used for injecting malicious code (such as EXE, DLL, or shellcode) into legitimate process memory and executing the malicious code within the context of a legitimate process. To inject code into the remote process, a malware program normally allocates a memory with a protection of Read, Write, and Execute permission (PAGE_EXECUTE_READWRITE), and then injects the code into the allocated memory of the remote process. To detect the code that is injected into the remote process, you can look for the suspicious memory ranges based on the memory protection and content of the memory. The compelling question is, what is the suspicious memory range and how do you get information about the process memory range? If you recall from the previous chapter (in the Detecting Hidden DLL using ldrmodules section), Windows maintains a binary tree structure named Virtual Address Descriptors (VADs...

The rest of the chapter is locked

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at £13.99/month. Cancel anytime

Authors (1)

Monnappa K A

Monnappa K A

Monnappa K A works for Cisco Systems as an information security investigator focusing on threat intelligence and the investigation of advanced cyber attacks. He is a member of the Black Hat review board, the creator of Limon Linux sandbox, the winner of the Volatility plugin contest 2016, and the co-founder of the Cysinfo cybersecurity research community. He has presented and conducted training sessions at various security conferences including Black Hat, FIRST, OPCDE, and DSCI. He regularly conducts training at the Black Hat Security Conference in USA, Asia, and Europe.

See other products by Monnappa K A

Other recommended products

Related to this chapter

Mastering Assembly Programming

Mastering Assembly Programming

The Assembly language is the lowest level human readable programming language on any platform. Knowing the way things are on the Assembly level will help developers design their code in a much more elegant and efficient way. This book will take readers on a journey to mastering the Assembly language.

Sep 2017 9h 40m

Antivirus Bypass Techniques

Antivirus Bypass Techniques

Antivirus Bypass Techniques follows a unique approach that will help you explore the security landscape, understand the fundamentals of antivirus software, and put antivirus bypass techniques to use. This book will enable you to bypass antivirus software solutions in order to develop efficient antivirus software.

Mastering Reverse Engineering

Mastering Reverse Engineering

Reverse engineering is a tool used for analyzing software, to exploit its weaknesses and strengthen its defenses. Hackers use reverse engineering as a tool to expose security flaws and questionable privacy practices. This book helps you to master the art of using reverse engineering.

Oct 2018 14h 32m

Mastering Malware Analysis

Mastering Malware Analysis

Malware analysis is a powerful investigation technique widely used in various security areas including digital forensics and incident response processes. Working through practical examples, you'll be able to analyze any type of malware you may encounter within the modern world.

Jun 2019 18h 44m

Preventing Ransomware

Preventing Ransomware

Ransomware is the most critical threat and its intensity has grown exponentially in recent times. This book provides comprehensive, up-to-the-minute details about different kinds of ransomware attack as well some notable ones from the past. It also talks about different aspects of cyber security that can help you prevent ransomware attacks.

Mar 2018 8h 52m

Malware Analysis Techniques

Malware Analysis Techniques

Comprehensive threat analysis is important for incident responders as it helps them to ensure that a threat has been entirely eliminated. This book shows you how to quickly triage, identify, attribute, and remediate threats with proper analysis techniques, and guides you in implementing your knowledge to prevent further incidents.

Jun 2021 9h 24m

Binary Analysis Cookbook

Binary Analysis Cookbook

Binary Analysis is a complex and constantly evolving topic, crossing into several realms of IT and information security. The recipes in this book will serve as a good reference for you to get a better understanding of various aspects related to analyzing malware, identifying vulnerabilities in code, exploit writing and reverse engineering.

Sep 2019 13h 12m

Ghidra Software Reverse Engineering for Beginners

Ghidra Software Reverse Engineering for Beginners

Ghidra is the NSA's state-of-the-art reverse engineering framework. It is open source, allowing the community to extend it with impressive range of features. This book offers a comprehensive introduction to anyone new to the Ghidra reverse engineering framework and malware reverse engineering.

Jan 2021 10h 44m

Personalised recommendations for you

Based on your interests and search pattern

Cloud Security Handbook

Cloud Security Handbook

This book provides complete coverage of every cloud security aspect—from initial design to ongoing maintenance. Packed with best practices, it helps you smoothly transition to the public cloud, while keeping your environments secure and compliant.

Apr 2025 16h 4m

CompTIA CySA+ (CS0-003) Certification Guide

CompTIA CySA+ (CS0-003) Certification Guide

Prepare for CompTIA CySA+ (CS0-003) exam with this study guide—covering security ops, incident response, and vulnerability management in depth to level up your cybersecurity career. Includes exam-style questions, 2 practice tests, and flashcards.

Apr 2025 24h 44m

Cyber Security Kill Chain - Tactics and Strategies

Cyber Security Kill Chain - Tactics and Strategies

Learn how the cyber kill chain, a structured model that outlines the stages of a cyberattack, guides you through understanding threat actor behaviors and bolstering their ability to defend against evolving cyber threats.

May 2025 10h 16m