Analyzing malware, or malicious software, is more of an art than a technique. Because such programs vary so widely, there are limitless ways to hide functionality.
Some common tools for malware analysis include simple programs like `strings`. More complex analysis can be conducted by examining the headers of executables with programs like PEiD and PE Explorer. Finally, the most complete analysis can be done with disassemblers and debuggers like IDA Pro and OllyDbg.
- Anatomy of an exploit - inside the CVE-2013-3893 Internet Explorer zero-day - Part 1, by Paul Ducklin on October 11, 2013
- Anatomy of an exploit - inside the CVE-2013-3893 Internet Explorer zero-day - Part 2, by Paul Ducklin on October 25, 2013
- Breaking Down the China Chopper Web Shell – Part I, by Tony Lee, Ian Ahl and Dennis Hanzlik, August 7, 2013
- Breaking Down the China Chopper Web Shell – Part II, by Tony Lee, Ian Ahl and Dennis Hanzlik, August 9, 2013
- Police Story: Hacking Team’s Government Surveillance Malware, by Morgan Marquis-Boire, John Scott-Railton, Claudio Guarnieri, and Katie Kleemola, June 24, 2014
- HackingTeam 2.0: The Story Goes Mobile, Kaspersky Lab, June 24, 2014
- Shakacon #6 presentation: Fuck you Hacking Team, From Portugal with Love, by fG!, June 26, 2014
- The "Hikit" Rootkit: Advanced and Persistent Attack Techniques (Part 1), by Ryan Kazanciyan, August 20, 2012
- The "Hikit" Rootkit: Advanced and Persistent Attack Techniques (Part 2), by Christopher Glyer, August 22, 2012
- An Analysis of PlugX, by Roman Vasilenko, December 17, 2013
- RSA Incident Response: Emerging Threat Profile - Shell_Crew, by EMC, January 2014
- Uroburos - Highly complex espionage software with Russian roots, by G Data SecurityLabs, February 2014
- Uroburos Rootkit Hook Analysis and Driver Extraction, SP Security Blog, March 20, 2014