Posts

Showing posts from February, 2022

Practical Malware Analysis - LAB01

Basic Static Analysis

Let's jump into the labs of the PMA (Practical Malware Analysis). You can revise your basic concepts about malware analysis from the blog. The book uses outdated tools, so I'll be using some newer tools that give us the same results. Labs can be downloaded from PMA Labs.

Tools: The following tools are used throughout Lab-01.
PEStudio
DIE (Detect It Easy)
VirusTotal
UPX

Lab-01:
Binary Name: Lab01-01.dll

Question 1: Upload the files to http://www.VirusTotal.com/ and view the reports. Does either file match any existing antivirus signatures?

Ans: Open the file in PEStudio.exe to find out the hash of the file.

Figure 1

As you can see in Figure 1, the hashes are highlighted. Use any one of the hashes, or click on the URL, to find a match for any existing antivirus signatures. You can also use PEStudio.exe to collect the VirusTotal information, as shown in the following figure. There are 40 antivirus engines that detected this file as malici