
What this book covers

Chapter 1, Down the Rabbit Hole, prepares you for the challenges ahead by reviewing the essential computing concepts that must be mastered before you begin analyzing malware. You will explore number bases, binary arithmetic, and Boolean algebra. This chapter also covers the malware analyst's toolkit and introduces IDA Pro, the Portable Executable (PE) format, and worked examples of reverse engineering program binaries on the Windows platform. This sets the pace for the activities in the chapters ahead.

Chapter 2, Dancing with the Dead, covers x86 assembly programming using VC++ 2008 and MASM32. You will then proceed to disassemble a compiled binary and analyze the x86 code in the VC++ IDE. Finally, you will explore the various configuration settings needed to do assembly programming in the VC++ environment, and the chapter ends with a detailed overview of common data structures and code constructs as they appear in C and in x86 assembly.

Chapter 3, Performing a Séance Session, demonstrates a complete end-to-end analysis of real-world destructive malware. You will get detailed insight into an analysis session, including the configurations used, tips and tricks, and a step-by-step progression towards a full analysis, right up to signature generation and report creation for the entire set of malware samples.

Chapter 4, Traversing Across Parallel Dimensions, delves into kernel-mode concepts and the fundamentals of Windows internals, which will help you analyze and understand the overall framework you are dealing with. You will work with IDA Pro and WinDbg as the primary tools for kernel-mode analysis.

Chapter 5, Good versus Evil – Ogre Wars, rounds off the earlier excursions with a general set of techniques, from configuring a Linux virtual machine guest to capture the network activity of malware, to exploring XOR deobfuscation programmatically. Thereafter, you will revisit malware analysis with a different target, malicious web scripts, and learn how their innards are picked apart one by one: gathering information about the exploits used and the various infection vectors, dealing with obfuscated JavaScript, and working with a new but rather familiar set of tools. You will also be introduced to Mandiant Redline for malware forensics, and the tour ends with a discussion of bytecode decompilation utilities and open source tools for gathering malware intelligence.
