Secfence Technologies

EXPRESS MALWARE ANALYSIS: Accurate, No frills, In-depth.

Malware is the most prevalent and profitable cybercrime venture in play. It is a global operation that results in the loss of important information and infrastructure services, and thus adversely impacts the business of an infiltrated organization.

But, I am protected!

Mitigation is usually provided by installing anti-virus software among other security products, so that the perimeter is prevented from being breached. While effective to a small degree, the signature-based approach is automated for the most part and is not customised to provide the related technical analysis and mitigation measures beyond the subscription model and the update downloads. Thus a gap exists between the client and the provider.

We focus on the core technical analysis along with mitigation measures, resulting in a detailed, customised report with the requisite assets, so that your understanding of the malware remains second to none and you also get a sound business perspective on the impact it may have on your organization's services under adverse circumstances. Coupled with on-time delivery, we can assure you of the value of such information for your organization, especially when you need it most.

THE REGULAR MALWARE ANALYSIS SERVICE PROCESS

The usual methodology is to run a ready-made sandbox reporting tool and compile the instrumented dynamic analysis details into a text-based log. While this captures many details when a sample's runtime behaviour is as expected, much modern malware can evade, or remain dormant in, such virtual emulators. Activation mechanisms such as malware command-line switches, encryption analysis, identification of decryption layers, unpacking, detailed code descriptions and many other intricacies of the process have not been fully automated; that AI technology does not exist as of now. What you normally get as a report is just a long list of instrumented data, not the intelligence derived from it. Malware analysis is time intensive and requires dedicated analysis resources rather than pipelining samples into a data collection system and delivering that output. We might go as far as to say you are getting ripped off, unless it's free!

OUR EXPRESS MALWARE REPORTING SERVICES METHODOLOGY

We like to do analysis fast and in detail. So how do we achieve it? Our analysts have anti-virus industry experience and are well acquainted with industry-specific analyses and workflow processes.
In addition, you get the following in the final deliverables:

A structured approach to malware reporting: abstract, static and dynamic analysis, mitigation measures, conclusion, and an appendix of related logs and context-specific information.

Static analysis includes the unpacked code, the detailed ranges of encrypted data and the memory ranges used during the unpacking/decryption process, the final payload in memory, stack and memory dumps of the process, relevant API calls with their calling addresses and arguments, strings analysis, unreachable-code analysis, anti-debug/anti-disassembly/anti-VM analysis, thread analysis, memory dumping and malware PE rebuilding.

Dynamic analysis includes detailed and filtered logs of API usage, filesystem interaction, registry usage and networking activity. In this phase we also obtain the payloads and the .pcap files for packet analysis.

Memory forensics includes any hooking or rootkit-related information, along with hidden processes and services, malicious injected threads and hollowed processes: in general, a complete memory profile that fits the bill.

Packet analysis includes a detailed description of the packets captured during the analysis sessions. You get the protocol information and an overview of the network stack, along with DNS queries and IP addresses, as well as any binary data exchanged.


Malware Analysis Process

CLIENT REQUISITES

You need to provide us with the sample you need analysed, or alternatively a specific reference to a malware hash. We will procure the sample if required and analyse it for you.
Additionally, you can list the things you specifically need analysed based on your prior interaction with the malware sample. It also helps us if you can provide your own initial analysis in a basic text format, along with any other assets you may have gathered.
All interactions are kept confidential.

DELIVERABLES

Within the specified response time, we provide you with an in-depth report describing the malware's technical details and the malicious activities we have analysed. The exact methodology involves a great many technical details that you would need to understand as well, so we focus on the CONTEXT, THREAT DESCRIPTION and MITIGATION MEASURES rather than on how the analyst reached a particular inference, as we use many proprietary tools and methods. Thus you get a well-balanced, visually attractive, high-density technical report with no fluff.

ALREADY AVAILED OF A PRIOR ANALYSIS SERVICE?

We suspect you may not have got the amount of relevant and hidden information you expected in your report. We are aware of the current trend of quick automated reports with minimal intelligence gathering. If you think you can do better, try us out and see the difference for yourself. You might be pleasantly surprised.

Next Steps

Contact us for more details, a quick no-obligation quote and to schedule a meeting. If required, we can also send some of our previous non-confidential reports as samples.
