Practical Malware Analysis Lab7

本文介绍了对两个Windows恶意服务程序的分析,包括一个DDoS攻击程序和一个PE文件篡改的后门。DDoS攻击程序通过创建自启动服务,并利用定时器触发20个线程不断访问目标URL。另一个程序遍历C盘,篡改.exe文件导入表,使它们链接到伪造的kernel32.dll,实现后门功能。
摘要由CSDN通过智能技术生成

前言

给出的恶意程序都是十分简单的类型,几乎没有阻止分析的手段,且IDA的反编译结果可读性十分好,只能说是用来了解一波恶意代码编程的方法和思路了。

Lab7-1

主要是Windows服务程序,可参考以下资料了解windows服务

1.http://soft.chinabyte.com/os/368/12251368.shtml

2.https://onew.me/2018/10/08/windows-service/index.html

3.https://docs.microsoft.com/zh-cn/windows/desktop/Services/service-programs

服务程序的关键函数:

  • StartServiceCtrlDispatcher,将服务的主线程连接到SCM的服务进程中
  • ServiceMain,服务的代码,操作系统调用的回调函数
  • RegisterServiceCtrlHandler,注册服务的CtrlHandler函数,返回服务句柄
  • CtrlHandler,SCM调用的回调函数,用这个函数来改变服务的状态
  • SetServiceStatus,更新SCM中正在调用的服务状
Malware analysis is big business, and attacks can cost a company dearly. When malware breaches your defenses, you need to act quickly to cure current infections and prevent future ones from occurring. For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way. You'll learn how to: Set up a safe virtual environment to analyze malware Quickly extract network signatures and host-based indicators Use key analysis tools like IDA Pro, OllyDbg, and WinDbg Overcome malware tricks like obfuscation, anti-disassembly, anti-debugging, and anti-virtual machine techniques Use your newfound knowledge of Windows internals for malware analysis Develop a methodology for unpacking malware and get practical experience with five of the most popular packers Analyze special cases of malware with shellcode, C++, and 64-bit code Hands-on labs throughout the book challenge you to practice and synthesize your skills as you dissect real malware samples, and pages of detailed dissections offer an over-the-shoulder look at how the pros do it. You'll learn how to crack open malware to see how it really works, determine what damage it has done, thoroughly clean your network, and ensure that the malware never comes back. Malware analysis is a cat-and-mouse game with rules that are constantly changing, so make sure you have the fundamentals. Whether you're tasked with securing one network or a thousand networks, or you're making a living as a malware analyst, you'll find what you need to succeed in Practical Malware Analysis.
评论 2
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值