Degree Type

Creative Component

Semester of Graduation

Fall 2018

Department

Electrical and Computer Engineering

First Major Professor

Doug Jacobson

Degree(s)

Master of Science (MS)

Major(s)

Information Assurance

Abstract

In tying together information learned in the Information Assurance program at Iowa State this paper goes over an introduction to malware, basic malware analysis, and setting up a manual malware analysis lab. Malware is malicious software that causes harm. The average malware will have 125 lines of code. Generally, malware consists of 3 components: a concealer, a replicator, and a bomb. Malware is classified based on its nature and functionality. The 3 most common we see are viruses, worms, and Trojans. Malware generally falls into two categories based on its target: mass malware and targeted malware. Four general stages of malware analysis are manual code reversing, interactive behavior analysis, static properties analysis, and automated analysis. The paper goes over basic static and basic dynamic analysis. It briefly touches on advanced static and advanced dynamic analysis to cover 3 of the stages above. Sandboxes are covered and Cuckoo is talked about to cover automated analysis. Setting up a malware analysis lab is talked about as a physical lab or a virtual lab can be set up. Steps are given to use VMWare Workstation Pro to set up a manual malware analysis lab, getting a Microsoft Windows virtual machine, and installing Fireeye’s flare-vm on it. In closing, some work that can be expanded on and done in the future is discussed.

Copyright Owner

Joseph Peppers

File Format

application/pdf

Share

COinS