
I have analysed a shortcut virus statically and its impact on USB drives, and wrote code to repair its damage.

My static analysis of this malware on USB drives:

  1. It creates shortcuts for all folders and files present in my removable drive.

  2. In order to infect the computer, it modifies the autorun.inf file and thereby infects the PC when the removable drive is plugged in.

I analysed this statically without executing anything. (I mean just analyzing the removable drive)

So in order to solve these issues I wrote a small piece of code to iterate over the drive to find shortcuts and fix the attributes. I used several iteration techniques to go through the drive and fix the auto-run problem of the USB drive.

This of course fixes the problem of the USB drive. But shortcut viruses infect the computer by modifying the start-up and registry.

I want to see what the malware changes, so I want to analyse the malware dynamically. Static malware analysis will not help here, I am sure of it.

To analyse the malware I need to set up an environment suitable for analysis.

I came to know that virtual machines like VMware will do that. I have no problem with that, but some suggest Linux is the best OS for analyzing malware.

Since this malware modifies the registry entries and start-up, I am quite confused about which operating system to install. To analyse malware which affects the Windows platform, I think I should install Windows, or should I install Linux or something?

I have all the tools to analyse the malware statically.
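The repair the question describes (walk the drive, find the shortcuts the virus dropped next to each folder or file, clear the hidden/system attributes, neutralise autorun.inf), written out as an added example; this is not the asker's code. It quarantines suspect items instead of deleting them, so a legitimate .lnk that has no mirrored sibling is left alone; the `_quarantine` folder name and the attribute constants are assumptions of this example.

```python
import os
import shutil
from pathlib import Path

FILE_ATTRIBUTE_HIDDEN = 0x02   # Win32 attribute bits from winnt.h
FILE_ATTRIBUTE_SYSTEM = 0x04
QUARANTINE = "_quarantine"     # hypothetical folder name used here to hold suspect items


def find_damage(root):
    """Report the traces the question describes without modifying anything."""
    root = Path(root)
    autorun = root / "autorun.inf"
    report = {"shortcuts": [], "hidden": [], "autorun": autorun if autorun.is_file() else None}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != QUARANTINE]  # skip our own folder
        here = Path(dirpath)
        names = set(dirnames) | set(filenames)
        for f in filenames:
            # The virus's signature: "Photos.lnk" placed next to a now-hidden "Photos"
            if f.lower().endswith(".lnk") and f[:-4] in names:
                report["shortcuts"].append(here / f)
        for d in dirnames:
            # st_file_attributes exists only on Windows; elsewhere treat as not hidden
            attrs = getattr((here / d).stat(), "st_file_attributes", 0)
            if attrs & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM):
                report["hidden"].append(here / d)
    return report


def repair(root):
    """Quarantine (never delete) suspect shortcuts and autorun.inf, then clear
    hidden/system bits on affected folders (Windows only). Returns the report."""
    root = Path(root)
    report = find_damage(root)
    qdir = root / QUARANTINE
    qdir.mkdir(exist_ok=True)
    suspects = report["shortcuts"] + ([report["autorun"]] if report["autorun"] else [])
    for item in suspects:
        # Flatten the relative path into the name so same-named .lnk files don't collide
        shutil.move(str(item), str(qdir / str(item.relative_to(root)).replace(os.sep, "__")))
    if os.name == "nt":
        import ctypes
        for d in report["hidden"]:
            attrs = d.stat().st_file_attributes & ~(FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)
            ctypes.windll.kernel32.SetFileAttributesW(str(d), attrs)
    return report
```

Run `find_damage(r"E:\")` first to review what would be touched, then `repair(r"E:\")`; the quarantine folder keeps the moved items available for the dynamic analysis discussed below.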

  • Look up Cuckoo Sandbox; it's a really good sandbox for malware analysis, unless you want to create something "new". – mike-stokkel Mar 17 '16 at 16:27
  • A quick search on Google says that it is used to analyze known malware since it is automated. Since it is a sandbox, it will not affect other files, right? And can it be done safely in Windows? Thank you – VISWESWARAN NAGASIVAM Mar 17 '16 at 16:42
  • Have you already looked at https://malwr.com ? Example of analysis here: https://malwr.com/analysis/ZWYwMzYwZGUxZjRhNDU0OWJhNDc3YTg3OGNhZjM0Mzc/ – pureooze Mar 18 '16 at 02:30
  • @UzSh I know about malware.lu but this is new. The link you provided, is that a report for a shortcut virus? Thank you for your help – VISWESWARAN NAGASIVAM Mar 18 '16 at 06:04
  • @UzSh I referred to the website provided by you and found that in order to access several report files and samples we need to create an account. Is that trustworthy? – VISWESWARAN NAGASIVAM Mar 18 '16 at 06:11
  • Well, that's really up to you to decide, but you can always sign up using a temporary email address and fake information. You can upload a file and they will analyze it for you and tell you what files and registry keys it accesses. – pureooze Mar 18 '16 at 10:12
  • If you want to build a custom behavioural analysis platform I'd suggest you take a look at [SEE](https://github.com/F-Secure/see). It allows you to build sandboxes for malware analysis. – noxdafox Mar 20 '16 at 14:29
  • [FlareVM](https://github.com/fireeye/flare-vm) is a good choice for dynamic malware analysis; it is also suitable for every step of malware analysis. Just set up a VM with a free-of-charge Windows image from [here](https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/). – Sir Muffington Oct 24 '19 at 12:35

0 Answers