ColonelYobo_2022_Nov-Dec.zip

The zip file is a collection of malware analysis reports and artifacts associated with the Fall 2022 Introduction to Information Security (CS 6035) curriculum at Georgia Tech.

Overview of Content

The archive typically contains documentation and analysis for malware samples encountered during the November to December 2022 timeframe. Write-ups of this nature generally employ several standard cybersecurity methodologies to extract information from the samples. Key elements often included in such write-ups are:

- Static analysis: Examining the binary or script without execution to find strings, headers, and potential packed signatures (e.g., UPX).
- Dynamic analysis: Executing the malware in a controlled sandbox (like Cuckoo or Any.Run) to monitor real-time file system changes, network traffic, and API calls.
- Behavioral analysis: Detailed observations of how the samples interact with a system, including attempts to override DNS settings, system shutdowns, and clipboard copying.
- Memory forensics: Utilizing memory dump analysis to detect obfuscated malware that may not leave traces on the physical disk.
- Evasion techniques: Documentation of how the malware attempts to bypass Personal Firewalls (PFW) or Host Intrusion Prevention Systems (HIPS).