Introductory Malware Analysis Knowledge Base!

Purpose:

The purpose of the wiki is to provide a knowledge base on Malware Analysis techniques, tools and helpful infromation and resources. This Wiki is free and open source wiki for those wishing to learn about malware analysis. This wiki is for educational purposes.

This Wiki is still a work in progress.

⚠ Disclaimer – Read Before Proceeding

This wiki is intended for educational and research purposes only. Malware analysis is a high-risk activity that, if done improperly, can result in data loss, system compromise, or legal consequences.

The Dangers of Malware

1. System Infection & Data Loss

• Malware can escape sandbox environments if improperly contained.
• Running malware outside of a secure, isolated virtual machine (VM) can lead to:
  • Permanent system compromise.
  • Credential theft (passwords, banking info).
  • Data corruption or destruction.

2. Network Contamination

• Malware can spread laterally to other devices on the same network.
• Some strains, like ransomware and worms, automatically seek out new targets.
• Do not run malware on a networked machine unless properly firewalled and air-gapped.

3. Legal & Ethical Risks

• In many countries, possessing, running, or distributing malware without proper authorization is illegal.
• Unauthorized analysis or testing could result in legal action, even if unintentional.
• Never use malware analysis skills for unethical purposes.

4. Risks to Personal Safety & Reputation

• Some malware targets researchers, attempting to identify or retaliate against those who analyze it.
• Advanced threats (e.g., APTs) may monitor analysts and deploy anti-analysis techniques.
• If working with live malware, ensure your research setup is completely separate from your personal or work devices.

---

⚠ Some Safe Malware Analysis Guidelines

• Always use a virtual machine (VM) with snapshots.
• Disable network access unless needed for dynamic analysis.
• Use read-only removable media only if needed (USB or shared folders can be dangerous).
• Prefer controlled sandboxes like Cuckoo Sandbox, Any.Run, or FLARE VM.
• ** Don't analyze malware on your main computer or work system.**

---

Content Pages

• Introduction

Malware Properties:

• Malware Signatures
• Opportunistic & Targeted

Advanced Malware:

• Malware With Advanced Behavior
• Packers
• Polymorphic & Metamorphic
• Rootkits
• Shellcode & Thread-Injection
• Fileless Execution

Environment:

• Environment Setup
• Windows Registry

Analysis Techniques:

• Static Analysis
• Dynamic Analysis

---

Written by Oscar Ashburn

Bachelor of Computer Science, University of Waikato,

Current Masters of Computer Science Victoria University of Wellington.

Credits & References

This wiki is based on formal learning from various sources and studies:

• Course: Bachelor of Computer Science University of Waikato
• Course: Masters Of Computer Science Victoria University of Wellington
• Book: Practical Malware Analysis by Michael Sikorski, Andrew Honig February 2012
• Website: Virtual Box Manual