    UC-15 Malware Analysis Using Reverse Engineering

    The motivation for this project is driven by an evaluation of the different tools on the market that allow for breaking down executables or binary files and understanding what the malware is doing. By reverse-engineering the malware, we can understand its impact and how to protect against it. Our focus is to understand where different tools are stronger than others, as well as to understand the evolving landscape of malware and security overall. For this capstone project, we utilized two different tools and many sample malware files. The methods used to debug the malware are detailed in our milestone two report and will be expanded upon in our final presentation. At this point, we've found the tool WinDbg to be the most versatile for binary and executable debugging. We also evaluated IDA Pro, and understand the many ways in which its graphical display of data and relationships equips a researcher with the necessary tools and information to walk through an executable. Our focus in milestone 3 is to expand our documentation and guide on malware debugging to the point that it provides a user the full breadth of information and steps needed to start from scratch and end with a broken-apart piece of malware. We provided much of this as part of the milestone 2 presentation and report, but we will continue to build on it so it's a useful how-to guide for anyone trying to debug a piece of malicious code.

    Advisor(s): Dr. Ying Xie
    (s): Security
    IT 498