ABSTRACT

Malicious software (or malware) is defined by its explicit purpose of causing harm to a computer network, to individual systems, or to their users. This chapter presents a number of topics about malicious software targeting the “traditional” personal computer architecture (i.e. x86-based computers) and systems based on the Windows OS. The motivation behind this chapter is the current state of the computing landscape and the increasing impact of malware attacks, as demonstrated by three major incidents of the late 2010s (i.e. the WannaCry and NotPetya ransomware and the Mirai botnet). To set the foundation for this presentation, what constitutes malicious behavior will be defined, together with seven general behavioral categories. Next, the malware incident response procedure and its informational needs will be discussed to provide the general context of the malware analysis process. In addition, the topic of evasion techniques will be covered, so as to provide further context for some of the malware analysis steps and for the usage of specific tools. Afterward, the three steps of the malware analysis process will be presented, followed by a demonstration of their application to a WannaCry ransomware sample.