Malware Reverse Engineering

Infection vectors such as network-aware worms, trojans, DDoS agents, IRC-controlled bots and spyware are a continuously increasing threat to organizations. Intruders and malicious agents now spread through email harvesting, browser exploits, vulnerabilities in software products (MS Office, Adobe, etc.), operating system vulnerabilities, and P2P networks. A relatively large percentage of the software that an ordinary internet user encounters online can be malicious in some way.

Organizations assume that malware and trojans can be stopped by antivirus software, spyware removal tools and similar products. This fortification is not always enough, however: there are times when a small, benign-looking binary sneaks through every layer of protection and compromises confidential data, threatening the organization's security.

We help organizations sustain the confidentiality, integrity and availability (CIA) of their systems by applying an in-depth approach to analyze and identify the characteristics, behavior and root cause of the malware.

Our Approach

Our approach involves the following steps:

Malware Reverse Engineering

Benefits

  1. Our reverse engineering experts deliver the information necessary to determine the true extent of the compromise
  2. Discover and report indicators of compromise that reveal other machines affected by the same malware
  3. Identify the vulnerability that was exploited to allow the malware to enter
  4. Identify the intruder or insider responsible for installing the malware

Deliverables

Executive and technical report, which includes:

  1. File name, file type, file size, hashes, malware names (if known), and current anti-virus detection capabilities
  2. Characteristics of the malware: its capabilities for infecting files, self-preservation, spreading, leaking data, and interacting with its command and control center
  3. Dependencies of the malware: files and network resources related to the malware's functionality, such as supported OS versions and required initialization files, custom DLLs, executables, URLs, and scripts
  4. Static and dynamic analysis findings
  5. Screenshots, graphs and charts, logs, and other material that supports the analysis
  6. Incident recommendations: indicators for detecting the specimen on other systems and networks, and possible eradication steps
  7. Analytical tips for guarding against similar incidents in future
  8. Summary of the analysis: key takeaways that the reader should get from the report regarding the malware's nature, origin, capabilities, and other relevant characteristics

Malware Reverse Engineering Case Study
