Mobile Forensic Part 2 - Paiet/Mobile-Forensics GitHub Wiki

The basic components of most malware programs are:

  1. Crypter - a software program that conceals the existence of malware. Attackers use it to evade antivirus detection: the crypter encrypts the malicious file so that signature-based scanners cannot match it.
  2. Downloader - a type of Trojan that downloads other malware or malicious code from the Internet onto the PC.
  3. Dropper - can contain unidentifiable malware code that antivirus scanners cannot detect, and is capable of downloading the additional files needed to execute the malware on a target system.
  4. Exploit - the code the attacker uses to breach the system's security through a software vulnerability.
  5. Injector - a program that injects the exploits or malicious code carried by the malware into other vulnerable running processes and redirects execution, in order to hide the malware or prevent its removal.
  6. Obfuscator - a program that conceals the malicious code of a malware sample via various techniques.
  7. Packer - software that compresses the malware file, converting its code and data into an unreadable format.
  8. Payload - the part of the malware that performs the intended activity once activated.

Malware analysis techniques:

Static analysis is the basic analysis of a binary without executing it: the code is examined to understand what the malware does and which functions it contains.

Techniques include:

  • File fingerprinting
  • Local and Online malware scanning
  • Performing strings search
  • Identifying packing/obfuscation methods
  • Finding the portable executables (PE) information
  • Identifying file dependencies
  • Malware disassembly
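The following script is an added example, not code from the original wiki page or from the Paiet/Mobile-Forensics project. It carries the first five static techniques listed above through on one sample: it fingerprints the file (MD5/SHA-1/SHA-256), extracts printable strings, parses the PE section table using only the standard library, scores each section's Shannon entropy and section name as packing indicators, and pulls `.dll` names out of the strings as a crude dependency hint (a real analysis would walk the import table instead). The PE image it analyses is constructed inline with a deliberately uniform-byte "UPX1" section, so it runs offline and the entropy values are deterministic; the `KNOWN_PACKER_SECTIONS` list and the 7.0 entropy threshold are common rules of thumb, not values from the page.

```python
import collections
import hashlib
import math
import re
import struct

# Section names commonly left behind by well-known packers (rule of thumb, not exhaustive).
KNOWN_PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".vmp0", ".vmp1", ".themida"}
HIGH_ENTROPY_THRESHOLD = 7.0  # bits per byte; compressed/encrypted data sits close to 8.0


def fingerprint(data: bytes) -> dict:
    """File fingerprinting: the hashes an analyst submits to local/online scanners."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Strings search: runs of printable ASCII at least min_len bytes long."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def shannon_entropy(blob: bytes) -> float:
    """Bits of entropy per byte; 8.0 means every byte value is equally frequent."""
    if not blob:
        return 0.0
    n = len(blob)
    return -sum((c / n) * math.log2(c / n) for c in collections.Counter(blob).values())


def parse_pe_sections(data: bytes) -> list:
    """PE information: walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    _machine, nsect, _ts, _psym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size  # section table follows the optional header
    sections = []
    for i in range(nsect):
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + i * 40)
        body = data[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "raw_offset": raw_ptr, "raw_size": raw_size,
                         "entropy": shannon_entropy(body)})
    return sections


def packing_indicators(sections: list) -> list:
    """Identifying packing: flag packer section names and near-random section contents."""
    reasons = []
    for s in sections:
        if s["name"] in KNOWN_PACKER_SECTIONS:
            reasons.append(f"section {s['name']} matches a known packer section name")
        if s["entropy"] >= HIGH_ENTROPY_THRESHOLD:
            reasons.append(f"section {s['name']} has high entropy ({s['entropy']:.2f} bits/byte)")
    return reasons


def analyze(data: bytes) -> dict:
    strings = extract_strings(data)
    sections = parse_pe_sections(data)
    return {"hashes": fingerprint(data), "strings": strings, "sections": sections,
            # Dependency hint only: real dependency analysis reads the import directory.
            "dll_hints": sorted({s for s in strings if s.lower().endswith(".dll")}),
            "packing_indicators": packing_indicators(sections)}


def build_sample_pe() -> bytes:
    """Constructed sample (not a real binary): minimal headers plus two sections."""
    text_body = b"\x00" * 64 + b"kernel32.dll\0LoadLibraryA\0GetProcAddress\0" + b"\x90" * 64
    packed_body = bytes(range(256)) * 4  # uniform byte distribution -> entropy exactly 8.0
    e_lfanew, opt_size = 0x80, 0xE0
    hdr = bytearray(0x200)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    hdr[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", hdr, e_lfanew + 4, 0x14C, 2, 0, 0, 0, opt_size, 0x0102)
    off, raw_ptr = e_lfanew + 4 + 20 + opt_size, len(hdr)
    for name, body in ((b".text", text_body), (b"UPX1", packed_body)):
        struct.pack_into("<8sIIIIIIHHI", hdr, off, name, len(body), raw_ptr, len(body), raw_ptr,
                         0, 0, 0, 0, 0x60000020)
        off, raw_ptr = off + 40, raw_ptr + len(body)
    return bytes(hdr) + text_body + packed_body


if __name__ == "__main__":
    report = analyze(build_sample_pe())
    print(report["hashes"]["sha256"])
    for s in report["sections"]:
        print(f"{s['name']:<8} offset=0x{s['raw_offset']:x} size={s['raw_size']} entropy={s['entropy']:.2f}")
    print("DLL hints:", report["dll_hints"])
    print("Packing indicators:", *report["packing_indicators"], sep="\n  ")
```

Run it against a real file by replacing `build_sample_pe()` with the bytes of the sample; a high-entropy section next to a packer-style name is the usual cue that strings and imports will only become meaningful after unpacking, which is why packing identification sits before disassembly in the list above.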

Behavioral analysis, or dynamic analysis, studies how the malware behaves during installation, at execution, and while it is running.