Malware Analysis

Right Turn Security work in flow to secure a company from malware attack. Malware shows different behaviour in networks. Our Team is well trained to perform behaviour analysis and find hidden malware inside Company Network. 

Collect

Our Team Start Malware analysis Process with Advance Sample Collection techniques based on malware Behaviour

Analyze

Our Malware Specialists perform deep analyzation of the sample with upgraded technology only based in UK.

Response

Our Team gives end response with report containing complete understanding of the malware in its all stages.

Right Turn Security Network Analyst

Malware Analysis Training

  • Syllabus based on MSAB
  • UK Certified Trainers
  • Job Training
  • UK Law Based Court Room Skills
  • Professional Report Writing
Join

Malware Analysis Tools

  • Wireshark: It is a network analyser tool which analysis the network traffic linked with the system.
  • Reg Shot: This tool analysis the changes happened in the registry and files of the target system.
  • IDA Pro: This tool is an interactive disassembler and debugger used to analyse and understand the code with the help of different security plugins.
  • Sys Tracer: This tool helps to track registry changes in a target computer.
  • PEID: This tool is used to detect PE Packers, cryptors and compilers found in executable files.
  • MitecEXE explorer: This tool helps to get information regarding executable files such as version info, sections, classes, packages and directories.
  • DNS Sniffer: This network sniffer tool basically shows the DNS queries sent on the system.
  • Dependency walker: This tool helps to scan any 32bit or 64bit windows module (exe, dll, ocx, sys) and builds a hierarchical tree diagram of all dependent.

Basic Malware Analysis Example

Your friend has already opened the document attachment. What happened? Is his machine already infected? Find proof for/Argue your answer!

To find out changes in the machine, reg shot has been used. We compare two shots. One is taken before opening the document and second shot is taken after opening the document. The comparison report shows 31 changes, which are related to normal functioning of system. No infected values are found. This proves that the system is not infected by just opening the document attachment. My friend opened the .rtf file which will not affect the system. The system can be infected by double clicking on the image file. Regshot comparison report proves that machine is not infected. Figure 2 shows the comparison report.