0

All Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Free Learning

Mastering Malware Analysis

You're reading from Mastering Malware Analysis The complete malware analyst's guide to combating malicious software, APT, cybercrime, and IoT attacks

Product type Paperback

Published in Jun 2019

Publisher Packt

ISBN-13 9781789610789

Length 562 pages

Edition 1st Edition

Languages

Python

Concepts

Malware Analysis

Authors (2):

Alexey Kleymenov

Amr Thabet

View More author details

Table of Contents (18) Chapters

Title Page

Copyright and Credits

About Packt

Contributors

Preface

1. A Crash Course in CISC/RISC and Programming Basics FREE CHAPTER

2. Basic Static and Dynamic Analysis for x86/x64

3. Unpacking, Decryption, and Deobfuscation

4. Inspecting Process Injection and API Hooking

5. Bypassing Anti-Reverse Engineering Techniques

6. Understanding Kernel-Mode Rootkits

7. Handling Exploits and Shellcode

8. Reversing Bytecode Languages: .NET, Java, and More

9. Scripts and Macros: Reversing, Deobfuscation, and Debugging

10. Dissecting Linux and IoT Malware

11. Introduction to macOS and iOS Threats

12. Analyzing Android Malware Samples

1. Other Books You May Enjoy

Assembly languages

There are two big groups of architectures defining assembly languages that we will cover in this section, and they are Complex Instruction Set Computer (CISC) and Reduced Instruction Set Computer (RISC).

CISC versus RISC

Without going into too many details, the main difference between CISC assemblies, such as Intel IA-32 and x64, and RISC assembly languages associated with architectures such as ARM, is the complexity of their instructions.

CISC assembly languages have more complex instructions. They focus on completing tasks using as few lines of assembly instructions as possible. To do that, CISC assembly languages include instructions that can perform multiple operations, such as mul in Intel assembly, which performs data access, multiplication, and data store operations.

In the RISC assembly language, assembly instructions are simple and generally perform only one operation each. This may lead to more lines of code to complete a specific task. However, it may also be more efficient, as this omits the execution of any unnecessary operations.

Types of instructions

In the following sections, we will cover the main structure of each assembly language, the three basic types of assembly instructions, and how they are translated into each of these languages:

Data manipulation:
- Arithmetic manipulation
- Logic and bit manipulation
- Shifts and rotations
Data transfers:
- Transfers between memory and registers
- Transfers between registers
Execution of flow control:
- Jumps or calls
- Branches based on a condition

You have been reading a chapter from

Mastering Malware Analysis

Published in: Jun 2019

Publisher: Packt

ISBN-13: 9781789610789

© 2019 Packt Publishing Limited All Rights Reserved

Register for a free Packt account to unlock a world of extra content!

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $15.99/month. Cancel anytime

Authors (2)

Alexey Kleymenov

Alexey Kleymenov

Alexey Kleymenov started working in the information security industry in his second year at university and now has more than 14 years of practical experience at several international cybersecurity companies. He is a malware analyst and software developer who is passionate about reverse engineering, automation, and research. Alexey has taken part in numerous investigations analyzing all types of malicious samples, has developed various systems to perform threat intelligence activities in the IT, OT, and IoT sectors, and has authored several patents. Alexey is a member of the (ISC)² organization and holds the CISSP certification. Finally, he is a founder of the RE and More project, teaching people all over the world how to perform malware analysis in the most efficient way.

See other products by Alexey Kleymenov

Amr Thabet

Amr Thabet

Amr Thabet is a malware researcher and an incident handler with over 10 years of experience. He has worked in several Fortune 500 companies, including Symantec and Tenable. Currently, he is the founder of MalTrak, providing real-world in-depth training in malware analysis, incident response, threat hunting, and red teaming to help the next generation of cybersecurity enthusiasts to build their careers in cybersecurity. Amr is also a speaker and trainer at some of the top security conferences all around the world, including Blackhat, DEFCON, Hack In Paris, and VB Conference. He was also featured in Christian Science Monitor for his work on Stuxnet.

See other products by Amr Thabet

Other recommended products

Related to this chapter

Learning Malware Analysis

Learning Malware Analysis

Malware analysis and memory forensics are powerful analysis and investigation techniques used in reverse engineering, digital forensics, and incident response. This book teaches you the concepts, tools, and techniques to determine the behavior and characteristics of malware using malware analysis and memory forensics.

Jun 2018 17h 0m

Antivirus Bypass Techniques

Antivirus Bypass Techniques

Antivirus Bypass Techniques follows a unique approach that will help you explore the security landscape, understand the fundamentals of antivirus software, and put antivirus bypass techniques to use. This book will enable you to bypass antivirus software solutions in order to develop efficient antivirus software.

Mastering Assembly Programming

Mastering Assembly Programming

The Assembly language is the lowest level human readable programming language on any platform. Knowing the way things are on the Assembly level will help developers design their code in a much more elegant and efficient way. This book will take readers on a journey to mastering the Assembly language.

Sep 2017 9h 40m

Mastering Reverse Engineering

Mastering Reverse Engineering

Reverse engineering is a tool used for analyzing software, to exploit its weaknesses and strengthen its defenses. Hackers use reverse engineering as a tool to expose security flaws and questionable privacy practices. This book helps you to master the art of using reverse engineering.

Oct 2018 14h 32m

Penetration Testing with Shellcode

Penetration Testing with Shellcode

Security has always been a major concern for your application, your system, or your environment. This book's main goal is to build your skills for low-level security exploits, finding vulnerabilities and covering loopholes with shellcode, assembly, and Metasploit.

Feb 2018 11h 32m

Malware Analysis Techniques

Malware Analysis Techniques

Comprehensive threat analysis is important for incident responders as it helps them to ensure that a threat has been entirely eliminated. This book shows you how to quickly triage, identify, attribute, and remediate threats with proper analysis techniques, and guides you in implementing your knowledge to prevent further incidents.

Jun 2021 9h 24m

Ghidra Software Reverse Engineering for Beginners

Ghidra Software Reverse Engineering for Beginners

Ghidra is the NSA's state-of-the-art reverse engineering framework. It is open source, allowing the community to extend it with impressive range of features. This book offers a comprehensive introduction to anyone new to the Ghidra reverse engineering framework and malware reverse engineering.

Jan 2021 10h 44m

Binary Analysis Cookbook

Binary Analysis Cookbook

Binary Analysis is a complex and constantly evolving topic, crossing into several realms of IT and information security. The recipes in this book will serve as a good reference for you to get a better understanding of various aspects related to analyzing malware, identifying vulnerabilities in code, exploit writing and reverse engineering.

Sep 2019 13h 12m

Preventing Ransomware

Preventing Ransomware

Ransomware is the most critical threat and its intensity has grown exponentially in recent times. This book provides comprehensive, up-to-the-minute details about different kinds of ransomware attack as well some notable ones from the past. It also talks about different aspects of cyber security that can help you prevent ransomware attacks.

Mar 2018 8h 52m

Modern Computer Architecture and Organization

Modern Computer Architecture and Organization

A no-nonsense, practical guide to help you learn the current and future processor and computer architectures that will enable you to design computer systems and develop better software applications across a variety of domains.

Apr 2020 18h 40m

Practical Mobile Forensics

Practical Mobile Forensics

Covering up-to-date mobile platforms, this book focuses on teaching you the most recent tools and techniques for investigating mobile devices. Readers will delve into a variety of mobile forensics techniques for iOS 11-13, Android 8-10 devices, and Windows 10.

Apr 2020 13h 20m

Practical Mobile Forensics

Practical Mobile Forensics

Mobile phone forensics is the science of retrieving data from a mobile phone under forensically sound conditions. This book is an update to Practical Mobile Forensics, Second Edition and it delves into the concepts of mobile forensics and its importance in today's world.

Jan 2018 13h 24m

Personalised recommendations for you

Based on your interests and search pattern

Cloud Security Handbook

Cloud Security Handbook

This book provides complete coverage of every cloud security aspect—from initial design to ongoing maintenance. Packed with best practices, it helps you smoothly transition to the public cloud, while keeping your environments secure and compliant.

Apr 2025 16h 4m

CompTIA CySA+ (CS0-003) Certification Guide

CompTIA CySA+ (CS0-003) Certification Guide

Prepare for CompTIA CySA+ (CS0-003) exam with this study guide—covering security ops, incident response, and vulnerability management in depth to level up your cybersecurity career. Includes exam-style questions, 2 practice tests, and flashcards.

Apr 2025 24h 44m

Cyber Security Kill Chain - Tactics and Strategies

Cyber Security Kill Chain - Tactics and Strategies

Learn how the cyber kill chain, a structured model that outlines the stages of a cyberattack, guides you through understanding threat actor behaviors and bolstering their ability to defend against evolving cyber threats.

May 2025 10h 16m