6th ICR and ID-SIRTII Research Seminar

MasWin ToolsMalware Analysis Windows

ToolsPadma Hotel - Bali

23 September 2015

Ravindo Tower 17th floorKebon Sirih No. 75 Central Jakarta 10340 - IndonesiaP: +62 21 3192 5551 / info@idsirtii.or.id

Android Malware Operating System

M. Lutfi Sahlan (Malware

Analyst)Research & Development

Dept.Id-SIRTII/CC

M. Ali Syarief (Malware Analyst)Research &

Development Dept.Id-SIRTII/CC

Id-SIRTII/CC is Indonesia National Computer Emergency Response Team

OUR AIMS  To support a good environment on Internet infrastructure in the

country

To improve Internet security and encourage legal e-transactions in Indonesia.

  Ali Syarief(Malware Analyst)Research & Development

Dept.Id-SIRTII/CC

Andre Nurhanggoro ( Simulation Lab )

Research & Development Dept.Id-SIRTII/CC

OVERVIEW

A software which is designed to infiltrate a computer system

without the owner’s informed consent

Malware

MALicious softWARE

Ravindo Tower 17th floorKebon Sirih No. 75 Central Jakarta 10340 - IndonesiaP: +62 21 3192 5551 / info@idsirtii.or.id

THE EVOLUTION OF MALWARE

Category DESCRIPTION

MALWARE CATEGORY

Ravindo Tower 17th floorKebon Sirih No. 75 Central Jakarta 10340 - IndonesiaP: +62 21 3192 5551 / info@idsirtii.or.id / www.idsirtii.or.id

Workflow Lab Malware ID-SIRTII/CC

Why Analysis Malware

Incident ResponseIncident Response

VulnerabilityVulnerability

Attack trends and Threat EvaluationAttack trends and Threat Evaluation

Penetration TestPenetration Test

Computer ForensicsComputer Forensics

Find New signatureFind New signature

regedit

ATTACK AREAWINDOWS

Surface Analysis

TrIDTrIDCFF ExplorerCFF Explorer

BinTextBinText

Runtime Analysis

RegshotRegshot

PE & PMPE & PM

WiresharkWireshark

Static Analysis

OllyDbgOllyDbg

IDA ProIDA Pro

Runtime Analysis

RegshotRegshot

PE & PMPE & PM

WiresharkWireshark

Surface - RUNTIME- Static

DEMOVIDEO