Some questions to be answered during Malware Analysis



Analysis means to study something, so malware analysis can be defined as "taking the malware apart to study it". While studying malware, our purpose must be to answer some questions. These questions may be classified into two groups: one consisting of "business questions" and the other of "technical questions".

Business questions may include the following key questions :-
  1. What is the purpose of the malware?
  2. How do we get rid of it?
  3. How did it get there?
  4. Who may be targeting us?
  5. What did they steal?
  6. How long has it been here infecting us?
  7. Does it spread on its own?
  8. How do we find it on other machines?
  9. How do we prevent it from infecting us any further?
In the same way, technical questions may be listed as follows :-

  1. What network-based indicators can reveal the presence and activity of the malware?
  2. What host-based indicators can reveal the presence and activity of the malware?
  3. Is the malware persistent? What mechanism keeps it running after the machine reboots?
  4. Is the program based on some other tool?
  5. In which language is the malware written?
  6. When was the program written, compiled and installed?
  7. Is the program packed? Which packer was used?
  8. Does the program have any anti-debugging functionality?
  9. Does the program include a rootkit?
These were some of the questions that, once answered, may help you reach a conclusion in your malware analysis.
Hope this would help you somehow. Have fun. Enjoy HaCKING, Enjoy HaCKTON.
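Two of the technical questions above (when was the program compiled, and is it packed) can be checked straight from the file headers before any dynamic analysis. The script below is an added example, not part of the original post: a pure-Python PE triage routine that reads the COFF timestamp and scores each section's entropy. The sample file it parses is constructed inline, and the UPX section-name check and the 7.0 entropy threshold are assumed rules of thumb rather than anything the post states.

```python
import math
import struct
from datetime import datetime, timezone

HIGH_ENTROPY = 7.0  # uniform data scores 8.0; packed/encrypted sections usually exceed 7.0 (assumed threshold)

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, from 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def triage_pe(blob: bytes) -> dict:
    """Read the COFF timestamp and per-section entropy directly from the PE headers."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    pe_off = struct.unpack_from("<I", blob, 0x3C)[0]          # e_lfanew
    if blob[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, pe_off + 4)
    sec_off = pe_off + 24 + opt_size                          # section table follows the optional header
    sections = []
    for i in range(nsec):
        name, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", blob, sec_off + 40 * i)
        name = name.rstrip(b"\0").decode("ascii", "replace")
        sections.append((name, round(shannon_entropy(blob[raw_ptr:raw_ptr + raw_size]), 2)))
    # Packer verdict: a section name UPX uses, or a section whose bytes look compressed/encrypted.
    packed = any(e >= HIGH_ENTROPY or n.upper().startswith("UPX") for n, e in sections)
    # The timestamp answers "when was it compiled?" but is attacker-controlled: a hint, not evidence.
    return {"compile_time": datetime.fromtimestamp(ts, timezone.utc).isoformat(),
            "sections": sections, "looks_packed": packed}

def build_sample() -> bytes:
    """Constructed minimal PE (no real code): one plain section and one UPX-named uniform-byte section."""
    sections = [(b".text", b"\x90" * 1024), (b"UPX1", bytes(range(256)) * 16)]
    pe_off, opt_size = 0x40, 0
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_off)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 1308700800, 0, 0, opt_size, 0x102)
    table, body, ptr = b"", b"", pe_off + 24 + opt_size + 40 * len(sections)
    for name, data in sections:
        table += struct.pack("<8sIIII", name, len(data), 0x1000, len(data), ptr) + b"\0" * 16
        body, ptr = body + data, ptr + len(data)
    return dos + b"PE\0\0" + coff + table + body

if __name__ == "__main__":
    print(triage_pe(build_sample()))
```

On a real sample call `triage_pe(open(path, "rb").read())`; a forged timestamp or a renamed section defeats either heuristic, so treat the output as a lead to confirm against the host- and network-based indicators listed above.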

1 Response to "Some questions to be answered during Malware Analysis"

best website hosting said...
June 22, 2011 at 1:00 AM

Wonderful collection of questions. These are very useful for me to learn more about this. Thanks for sharing.

