Malware Analysis and Reverse Engineering
Master's thesis
Author
Χρόνης, Αναστάσιος
Date
2023-03-09
Supervisor
Γιαννακόπουλος, Παναγιώτης
Keywords
Malware analysis; Reverse engineering
Abstract
Malware is a constantly growing threat to both individuals and organizations as it can be
used to steal sensitive data, disrupt both minor and vital operations, and in some cases
cause physical damage to hardware and even humans. Reverse engineering is a
powerful tool for analyzing and understanding software, hardware and, in our case,
malware. It allows analysts to disassemble and decompile the code to determine its
functionality and identify vulnerabilities.
In this thesis, we present a comprehensive study of malware analysis and reverse
engineering techniques. We will begin by setting up a safe lab environment, capable of
protecting the analyst while also providing them with the tools needed to do their job.
The second part will be dedicated to malware analysis, starting with a review of the
history and types of malware, before delving deeper into the tools and techniques used in
static and dynamic analysis and code deobfuscation, and closing with a concise workflow.
The third part will review reverse engineering tools and techniques, as well as the
importance of reverse engineering in a malware analyst’s repertoire.
We also discuss the ethical concerns of malware analysis and reverse engineering, such as
the legal issues surrounding the possession and distribution of malware, as well as the
importance of a professional approach to the matter.
Finally, we will make a short statement about the future of malware analysis and
reverse engineering and provide use cases in which machine learning can help
analysts secure an overall safer technological infrastructure.
Our work serves as an entry point for cybersecurity analysts and computer or
software engineers who want to dig deeper into malware analysis.