Malware analysis is the process of studying malware to determine its function, origin, and potential impact. A common use case is companies that develop anti-virus/anti-malware solutions: they need an in-depth understanding of many different malware samples to find indicators they can use to detect them. Companies like VirusTotal have also built their entire business around being one of the first entities to identify those kinds of samples and making that database easily available for public use. To be an effective malware analyst, you should be able to read and analyze computer code. Here are some of the top programming languages used in these analyses:

C/C++

C is a very powerful programming language often used in buffer overflow attacks. As one of the older programming languages, C is the most commonly used in creating malware. One of the reasons for this is that it has many Windows-based libraries that efficiently control the computer's functionality. Also, languages like C are more memory efficient than others. Therefore, if you want to be an effective malware analyst, having a good understanding of C is imperative.

Python

Python has become an increasingly popular programming language among security professionals and a choice for creating malware. Python's popularity comes from its easy-to-learn syntax and the fact that it has several libraries that make designing security tools very easy. Some of the most notable libraries are Nmap, regex, boto3, socket, and scapy. Imperva, a leading cybersecurity software and service provider, found that 77% of the websites they protect were attacked by at least one Python-based tool.

Assembly Language (X86)

The term assembly language may be unfamiliar to you, but it's an integral part of all programming languages. Languages like Python, Perl, and even C/C++ are human-readable programming languages. When a machine executes programs written in these languages, they are turned into non-human-readable binary code, the instructions that the computer understands and executes. Assembly language is the lowest-level programming language that humans can read. This is important because the lower down you go in the hierarchy, the more details you can derive on how the malware/program works. Since malware analysis aims to get as much information as possible on malware functions, reading assembly language is a valuable skill set. It is best to learn how to read assembly code.

Visual Basic for Applications (VBA)

VBA is the language used to create Microsoft macros. These are programs that automate actions within Microsoft products like Microsoft Word or Excel. VBA can be used to create malware that will run whenever someone downloads a Microsoft attachment and enables macros. Given how many companies use these products, many hackers create malware in VBA to access corporate machines. It's a big threat vector for organizations, so it's valuable for analysts to be able to decipher VBA malware.
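
As an added illustration (not code from the original article), the Python sketch below does a first-pass static triage of macro source text that has already been extracted from a document: it lists the procedures Office runs automatically and the calls in each procedure that launch programs, create COM objects, download files, or obscure strings. The keyword lists, the function names, and the sample macro are constructed assumptions, not a complete detection rule set.

```python
import re

# Procedure names Word and Excel run automatically on open/close events.
AUTO_EXEC = {"autoopen", "autoexec", "autoclose", "auto_open", "auto_close",
             "document_open", "document_close", "workbook_open"}
# Calls that reach outside the document or hide strings (illustrative subset).
SUSPICIOUS = ("Shell", "CreateObject", "URLDownloadToFile", "Chr", "StrReverse")
CANON = {name.lower(): name for name in SUSPICIOUS}
PROC_RE = re.compile(r"^\s*(?:(?:Public|Private)\s+)?(?:Sub|Function)\s+(\w+)", re.I)
END_RE = re.compile(r"^\s*End\s+(?:Sub|Function)\b", re.I)
STRING_RE = re.compile(r'"(?:[^"]|"")*"')
CALL_RE = re.compile(r"\b(" + "|".join(SUSPICIOUS) + r")\b", re.I)

# Constructed sample macro source (inert placeholder command, not from the page).
SAMPLE = '''Sub AutoOpen()
    ' Shell appears only in this comment
    MsgBox "CreateObject is just text here"
    RunHelper
End Sub
Private Sub RunHelper()
    cmd = StrReverse("exe.redlohecalp")
    Shell cmd
End Sub
'''

def code_only(line):
    """Blank out string literals, then drop a trailing ' comment."""
    return STRING_RE.sub('""', line).split("'", 1)[0]

def triage(source):
    """Report auto-run procedures and suspicious calls found per procedure."""
    calls, auto, current = {}, [], None
    for raw in source.splitlines():
        line = code_only(raw)
        match = PROC_RE.match(line)
        if END_RE.match(line):
            current = None
        elif match:
            current = match.group(1)
            calls[current] = set()
            if current.lower() in AUTO_EXEC:
                auto.append(current)
        elif current:
            calls[current].update(CANON[c.lower()] for c in CALL_RE.findall(line))
    return {"auto_exec": auto,
            "calls": {p: sorted(c) for p, c in calls.items() if c},
            "review": bool(auto) and any(calls.values())}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The `review` flag is set only when the source has both an auto-run entry point and a suspicious call somewhere, because the call often sits in a helper procedure rather than in the entry point itself.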

Conclusion

Malware analysis is the art of deciphering a malware sample to determine its function, origin, and impact, and to discover indicators of compromise (IOCs). Since all malware is computer code, being a good malware analyst requires a good understanding of several different programming languages. This list contains the most popular programming languages for analyzing these pieces of software, but it's not an exhaustive list. Some other languages you may want to be familiar with are Java, JavaScript, Ruby, Perl, Bash, and PowerShell.
