Analyze and Classify Malware Lab Part 2

Video Activity

Time
3 hours 47 minutes
Difficulty
Intermediate
CEU/CPE
4
Video Transcription
00:00
Hey, everyone, welcome back to the course. So in the last video, we went ahead and created our malicious file. If you haven't done that yet, if you haven't watched that video, definitely pause this one, because you will need that file as we go through this entire lab. So pause this video, go back to that last one, and make sure you get that file created.
00:15
We also went ahead and looked for any malicious signatures in the file. So we ran a quick scan with binwalk to see if it found anything. We also got a visualization of the file. So we used binwalk again to get a visualization. And as I mentioned in the last video, I think it looks like the Borg ship cube from Star Trek.
00:33
So in this video, we're gonna go ahead and look for any opcodes in this particular file. We're also going to perform a hash on this file as well.
00:43
So if you haven't downloaded the step-by-step guide, be sure to go to the resources and download that particular guide, because it'll allow you to walk through step by step on your own, because you may find that I go too slow or too fast in this lab. So I want to make sure you have the best experience possible.
00:58
So we left off with, and we're at, step number 12 here on the step-by-step lab guide. So we're gonna go ahead and type in this command here: this binwalk, space, dash capital A, and then our file name here.
01:08
So let's go ahead and do that. We'll go back to our terminal window here,
01:12
and we're gonna type in binwalk, all lowercase,
01:15
a space, dash capital A, and then our file name, which again is malicious file dot exe.
01:22
So we'll go ahead and type that in,
01:26
and we'll see if we get any opcodes, or NOP codes, back. And NOP codes are just no-operation opcodes. So we see here that we do get them back. If you look here, you should see that you've got them here.
01:38
All right, let's go back to our lab guide here.
01:41
And so question number one is: Do you see any no-operation opcodes? And in my example, yes, I do see them. And you should also see the same thing on your side.
01:49
So next we're gonna type in this command here for step 13. So let's go back to our,
01:53
uh, command prompt here.
01:57
So we're gonna type in exiftool,
02:00
space, and then our file name, so malicious file dot exe.
02:05
And this will just give us some additional information about this malicious file.
02:10
You'll see here, it gives us some very basic information: version number, et cetera. It may or may not be helpful information as we're analyzing these, but it's just another sort of step in the process.
02:22
And finally, the last thing we're going to do in our lab is we're gonna go ahead and perform a hash on this particular file. It's very important to perform a hash, that way, if you see this malware again... Especially if you're working with, like, an antivirus company, for example, a lot of them use signature-based along with heuristic analysis and stuff. So
02:38
signature-based, when we... when you talk about that, if you've heard that terminology before,
02:44
that's what we're talking about here.
02:46
So let's go ahead and just type in that last command. It's gonna be md5deep,
02:50
space, malicious file
02:53
dot exe,
02:54
and we're just gonna go ahead and run that. It's going to give us the hash of this particular file. So you see the hash right there? It's a bunch of letters and numbers.
03:02
All right, so in this video, we just went ahead and wrapped up our lab. So we went ahead and we looked for no-operation opcodes
03:10
in the malware. We also went ahead and got some additional information using exiftool. And then we just wrapped up by hashing this malicious file.
03:19
So in the next video, we're gonna go ahead and start our additional lab in this course, which is going to be the rootkit lab. And as I mentioned before,
03:25
the rootkit we're using is a very old one. So it was, I believe, way back in 2004 when it was created. However, it allows us to get some of the fundamentals and actually be able to analyze it. So
03:38
we'll see you in the next video.