BC4014 Malware Analysis Syllabus:

BC4014 Malware Analysis Syllabus – Anna University PG Syllabus Regulation 2021

COURSE OBJECTIVES:

• To introduce the fundamentals of malware, its types and its effects
• To enable students to identify and analyse various malware types by static analysis
• To enable students to identify and analyse various malware types by dynamic analysis
• To deal with the detection, analysis, understanding, control and eradication of malware

UNIT I INTRODUCTION AND BASIC ANALYSIS

Goals of Malware Analysis, AV Scanning, Hashing, Finding Strings, Packing and Obfuscation, PE File Format, Linked Libraries and Functions (static, runtime and dynamic linking), Static Analysis Tools, Virtual Machines and their usage in malware analysis, Sandboxing, Basic Dynamic Analysis, Malware Execution, Process Monitoring, Viewing Processes, Registry Snapshots, Creating Fake Networks
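The basic static steps listed above (hashing, finding strings, reading the PE file format, spotting packing) are small enough to script. The following is an added example written for this syllabus page; it is not code from the course or from any of the referenced textbooks. It parses the DOS header, PE signature, COFF header, optional header and section table of a PE32 image, hashes the file, extracts printable strings and flags packing heuristically (packer-style section names, per-section entropy, an entry point inside a writable section). The "binary" it runs on is constructed in memory as a minimal, non-executable PE32 layout (the strings, the UPX1 section name and the entry-point RVA are all made up for the demonstration), and the packer-name list and entropy threshold are illustrative assumptions, not authoritative values. It also covers the ground of Practicals 3 and 4 (PE32 file format, executable metadata and packers).

```python
"""Basic static triage of a PE32 file: hashes, strings, headers, packing hints.
Added example; the sample PE below is constructed, not a real binary."""
import hashlib
import math
import re
import struct

# Section-name prefixes commonly left behind by packers (illustrative list, an assumption).
PACKER_SECTION_PREFIXES = (b"UPX", b".aspack", b".petite", b".themida", b".vmp", b"MPRESS")
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(buf):
    """Bits per byte; compressed or encrypted data sits close to 8.0."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def find_strings(data, min_len=6):
    """Printable-ASCII runs, i.e. what the `strings` tool prints."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def parse_pe(data):
    """DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    machine, nsec, _ts, _symtab, _nsyms, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24                                     # after the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt_off)[0]          # 0x10B = PE32, 0x20B = PE32+
    entry = struct.unpack_from("<I", data, opt_off + 16)[0]     # AddressOfEntryPoint (RVA)
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawoff, _r, _l, _nr, _nl, schars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt_off + opt_size + 40 * i)
        raw = data[rawoff:rawoff + rawsize]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_address": va, "virtual_size": vsize,
                         "raw_offset": rawoff, "raw_size": rawsize,
                         "characteristics": schars, "entropy": shannon_entropy(raw)})
    return {"machine": machine, "magic": magic, "entry_point": entry,
            "characteristics": chars, "sections": sections}


def packing_indicators(pe):
    """Cheap heuristics that say 'unpack this before you disassemble it'."""
    hits = []
    for s in pe["sections"]:
        if s["name"].encode().startswith(PACKER_SECTION_PREFIXES):
            hits.append("packer-style section name %s" % s["name"])
        if s["entropy"] > 7.0:                                  # threshold is a rule of thumb
            hits.append("high entropy (%.2f) in %s" % (s["entropy"], s["name"]))
        end = s["virtual_address"] + max(s["virtual_size"], s["raw_size"])
        if s["virtual_address"] <= pe["entry_point"] < end and s["characteristics"] & IMAGE_SCN_MEM_WRITE:
            hits.append("entry point in writable section %s" % s["name"])
    return hits


def triage(data, min_str_len=6):
    """Everything a first-pass static report needs, as one dict."""
    pe = parse_pe(data)
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest(),
            "machine": pe["machine"], "entry_point": pe["entry_point"],
            "sections": pe["sections"],
            "strings": find_strings(data, min_str_len),
            "indicators": packing_indicators(pe)}


def _pseudo_random(n, seed=b"constructed sample"):
    """Deterministic high-entropy filler standing in for a packed section."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_sample_pe():
    """Constructed, non-executable PE32: a plain .text section holding strings and a
    UPX1-style section of high-entropy bytes whose RVA range holds the entry point."""
    text = (b"kernel32.dll\0CreateRemoteThread\0WriteProcessMemory\0"
            b"http://example.invalid/beacon\0").ljust(0x200, b"\0")
    opt_size = 224
    # (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics)
    sects = [(b".text", 0x200, 0x1000, 0x200, 0x200, 0x60000020),
             (b"UPX1", 0x1000, 0x3000, 0x1000, 0x400, 0xE0000040)]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sects), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<HBBIIII", 0x10B, 14, 0, 0x200, 0x1000, 0, 0x3000).ljust(opt_size, b"\0")
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, ro, 0, 0, 0, 0, c)
                     for n, vs, va, rs, ro, c in sects)
    headers = (dos + b"PE\0\0" + coff + opt + table).ljust(0x200, b"\0")
    return headers + text + _pseudo_random(0x1000)


SAMPLE_PE = build_sample_pe()

if __name__ == "__main__":
    report = triage(SAMPLE_PE)
    print("sha256:", report["sha256"])
    for s in report["sections"]:
        print("%-6s RVA=0x%05x raw=0x%04x entropy=%.2f" % (
            s["name"], s["virtual_address"], s["raw_size"], s["entropy"]))
    print("strings:", report["strings"][:4])
    print("indicators:", report["indicators"])
```

To run it on a real sample, call `triage(open(path, "rb").read())` from inside an isolated analysis VM; the hashes are what you submit to AV and reputation services, the strings give first leads (imports, URLs, mutex names), and any packing indicator means the imports and strings you see belong to the unpacking stub, not the payload, so dynamic unpacking comes before disassembly.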

UNIT II ADVANCED STATIC ANALYSIS

x86 Architecture: Main Memory, Instructions, Opcodes and Endianness, Operands, Registers, Simple Instructions, The Stack, Conditionals, Branching, Rep Instructions, Disassembly, Global and Local Variables, Arithmetic Operations, Loops, Function Call Conventions, C Main Method and Offsets. Portable Executable File Format, The PE File Headers and Sections, IDA Pro, Function Analysis, Graphing, The Structure of a Virtual Machine, Analyzing Windows Programs, Anti-Static-Analysis Techniques: Obfuscation, Packing, Metamorphism, Polymorphism.

UNIT III ADVANCED DYNAMIC ANALYSIS

Live malware analysis, dead malware analysis, analyzing traces of malware: system calls, API calls, registry activity, network activity. Anti-dynamic-analysis techniques, VM detection techniques, evasion techniques, Malware Sandboxes, Monitoring with Process Monitor, Packet Sniffing with Wireshark, Kernel vs. User-Mode Debugging, OllyDbg, Breakpoints, Tracing, Exception Handling, Patching

UNIT IV MALWARE FUNCTIONALITY

Downloaders and Launchers, Backdoors, Credential Stealers, Persistence Mechanisms, Handles, Mutexes, Privilege Escalation, Covert Malware Launching: Launchers, Process Injection, Process Replacement, Hook Injection, Detours, APC Injection; YARA rule-based detection

UNIT V ANDROID MALWARE ANALYSIS

Android Malware Analysis: Android Architecture, App Development Cycle, Apktool, APK Inspector, Dex2Jar, JD-GUI, Static and Dynamic Analysis, Case Studies

TOTAL: 45 PERIODS

PRACTICALS:

1. Experimentation on Initial Infection Vectors and Malware Discovery
2. Implementation on Sandboxing Malware and Gathering Information From Runtime Analysis
3. Implementation on Portable Executable (PE32) File Format
4. Implementation on Executable Metadata and Executable Packers
5. Experimentation on Malware Self-Defense, Compression, and Obfuscation Techniques
6. Experimentation on Malware behaviour analysis
7. Experimentation on analyzing Malicious Microsoft Office and Adobe PDF Documents
8. Experimentation on Mobile malware analysis
9. Experimentation on Packing and Unpacking of malware
10. Experimentation on Rootkit Anti Forensics and Covert Channels
11. Experimentation on Modern Rootkit Analysis
12. Experimentation on Malware traffic analysis

Implementation of real-time applications for the following malware analysis tasks

1. Static analysis of malware
2. Dynamic analysis of malware
3. Classification of malware based on its behaviour
4. Usage of tools to classify malware
5. Advanced malware analysis
6. Android malware analysis
7. Applying antivirus tools in various applications
8. Malware report documentation

TOTAL: 30 PERIODS

TOTAL: 45+30=75 PERIODS

COURSE OUTCOMES:

CO1: Understand the core concepts of malware analysis and the technologies used.
CO2: Possess the skills necessary to carry out independent analysis of modern malware samples using both static and dynamic analysis techniques.
CO3: Understand the methods and techniques used by professional malware analysts.
CO4: Safely analyze, debug, and disassemble malicious software using malware analysis techniques.
CO5: Understand Android malware analysis, the Android architecture, and the app development cycle.

REFERENCES

1. Michael Sikorski and Andrew Honig, "Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software", No Starch Press, 2012, ISBN: 9781593272906
2. Bill Blunden, "The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System", Second Edition, Jones & Bartlett Publishers, 2009
3. Jamie Butler and Greg Hoglund, "Rootkits: Subverting the Windows Kernel", Addison-Wesley Professional, 2005, ISBN: 978-0-321-29431-9
4. Bruce Dang, Alexandre Gazet, Elias Bachaalany and Sébastien Josse, "Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation", Wiley, 2014, ISBN: 978-1-118-78731-1
5. Victor Marak, "Windows Malware Analysis Essentials", Packt Publishing, 2015, ISBN: 9781785281518
6. Ken Dunham, Shane Hartman, Manu Quintans, Jose Andre Morales and Tim Strazzere, "Android Malware and Analysis", CRC Press / Taylor & Francis Group, 2015, ISBN: 9781482252194