ImmuniWeb® by High-Tech Bridge


Malware Analysis Service

Reverse Engineering & Malware Analysis Expertise

Often during the forensic analysis of a cyber-crime incident, Trojan horses, viruses, worms, rootkits and other malware are detected. It is important to understand the behavior of the malware in order to trace the attackers, understand how the system was compromised and find out which information was copied, deleted or modified.

When reverse engineering malware, High-Tech Bridge’s certified experts analyze the behavior and actions of malicious binaries. Malware can be an executable file, a system library, an LKM (Loadable Kernel Module) or a binary patch for an operating system’s kernel. In some cases the malware binary is encrypted or otherwise protected by its authors against reverse engineering; in that case, the first step of the investigation is to bypass this protection.

Malware Analysis Methodology

Usually the following framework can be applied for malware reverse engineering and analysis:

  1. Creation of a secure sandbox (absolutely isolated and controlled environment)
  2. Implementation of network and local monitoring of the created sandbox
  3. Execution of malware on the sandbox
  4. Manipulation of all possible conditions in the sandbox to activate hidden functions of the malware
  5. Detailed analysis of all malware behavior and activities
  6. Preparation of conclusion and detailed report with results

Malware analysis is typically used to understand the activities of a Trojan horse, rootkit or backdoor on a compromised system, analyze the behavior of zombies and detect botnets.

What outcomes to expect from the analysis

It is very important to understand the following aspects of the analyzed malware during reverse engineering:

  1. Malware activation and start-up mechanisms
  2. Malware management and remote control mechanisms used by attackers
  3. Encryption algorithms used for communication with remote attacker (if any)
  4. All local modifications performed by the malware
    (e.g. files, file systems, registry, kernel, boot sectors of hard disks)
  5. All local activities performed by the malware
    (e.g. process creation and management, firewall and antivirus deactivation)
  6. All network activities performed by the malware
    (e.g. communication with zombie-center, spam, DDoS)

Once all of the above aspects have been evaluated, our security experts can trace the attackers who control the malware and continue with the incident investigation process.

Reverse Engineering Service

A Reverse Engineering service is available to our customers, in which we complete a thorough malware analysis investigation by analyzing the malware’s executable code with dedicated disassembly and debugging tools.

Companies that develop their own applications may also request this service in order to carry out a security analysis of their internally developed software, verify that a third-party library does not contain a backdoor, or simply assess the resistance of their protected software to analysis prior to its official release.

Reverse Engineering provides our clients with a detailed investigation of application protections, their encryption algorithms and any feature that may be used to prevent or slow down the analysis of a malicious program.