Quick and Dirty Malware Analysis with Process Monitor

Posted on Ap Updated on September 13, 2011

Lately I've been running into malware that doesn't play nicely with analysis websites like CWsandbox or Norman. I needed to find indicators of infection for a Mariposa variant and both sites would not analyze it. It appears that it needs the presence of both the .exe and its specially crafted desktop.ini before it will execute. Since you can only submit one file to these websites, I needed to do the analysis on my own.

When doing this type of analysis, we are just looking at the changes it made to the system and not specifically determining the capabilities of the software. The first thing you need to do is make sure you have a system that mirrors your environment; this is easier if you have a standard desktop build. When possible I try to use VMware for my analysis machine. Depending on the malware, this may not work.
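Looking only at what changed on the system can be done by filtering a Process Monitor CSV export down to the successful write, registry and process-creation events of the process under analysis. The following is an added example, not code from the original post; it assumes Procmon's default CSV columns, and the process name, paths and log rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Procmon operation names that record a change to files, registry or processes.
CHANGE_OPS = {
    "WriteFile", "SetRenameInformationFile", "SetDispositionInformationFile",
    "RegSetValue", "RegDeleteValue", "RegDeleteKey", "Process Create",
}

def summarize_changes(csv_text, process_names):
    """Return {operation: sorted unique paths} for successful state-changing
    events logged for the given process names (matched case-insensitively)."""
    wanted = {name.lower() for name in process_names}
    changes = defaultdict(set)
    # Procmon CSV exports start with a UTF-8 byte order mark; drop it if present.
    for row in csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff"))):
        if row["Process Name"].lower() not in wanted:
            continue  # event belongs to another process
        if row["Operation"] in CHANGE_OPS and row["Result"] == "SUCCESS":
            changes[row["Operation"]].add(row["Path"])
    return {op: sorted(paths) for op, paths in changes.items()}

# Constructed sample export; process name, paths and rows are illustrative only.
SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:15:01.1000000 AM","sample.exe","1234","CreateFile","C:\analysis\desktop.ini","SUCCESS","Desired Access: Generic Read"
"10:15:01.2000000 AM","sample.exe","1234","WriteFile","C:\Users\analyst\AppData\Roaming\example.dat","SUCCESS","Offset: 0, Length: 4,096"
"10:15:01.3000000 AM","sample.exe","1234","WriteFile","C:\Users\analyst\AppData\Roaming\example.dat","SUCCESS","Offset: 4,096, Length: 4,096"
"10:15:01.4000000 AM","sample.exe","1234","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Example","SUCCESS","Type: REG_SZ"
"10:15:01.5000000 AM","sample.exe","1234","RegSetValue","HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Example","ACCESS DENIED","Type: REG_SZ"
"10:15:01.6000000 AM","Explorer.EXE","888","WriteFile","C:\Users\analyst\NTUSER.DAT.LOG1","SUCCESS","Offset: 0, Length: 512"
"10:15:01.7000000 AM","sample.exe","1234","Process Create","C:\Windows\System32\cmd.exe","SUCCESS","PID: 4321"
'''

if __name__ == "__main__":
    for op, paths in summarize_changes(SAMPLE, ["sample.exe"]).items():
        for path in paths:
            print(f"{op:15} {path}")
```

Reads, failed operations and events from other processes are dropped, so what remains is a short list of candidate indicators to check on other hosts.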