Ahsan Ullah - 21109109

Shaheed Zulfiqar Ali Bhutto Institute of Science and Technology, Islamabad Campus

Faculty of Computing and Engineering Sciences

Static, Dynamic and Hybrid Techniques for Malware Analysis


Introduction

Static analysis systems (pre-execution analysis): process malware without running it, and extract features to be used for malware detection and classification.

Dynamic analysis systems (post-execution analysis): run the malware in either a physical or a virtual environment and search for indicators of malicious activity.

Hybrid analysis systems: static analysis and dynamic analysis used together are called hybrid analysis. It is a file analysis approach that combines runtime data with memory dump analysis to extract all possible execution pathways, even for the most evasive malware. All data extracted by the hybrid analysis engine is processed automatically and integrated into the malware analysis reports.

Problem Statement

[Figures: Top ten obfuscation techniques found in our dataset. | Top ten malware families in our collected dataset from the VirusShare corpus.]

• Malware attacks cost billions of dollars annually.
• 65% of users feel the effect of cyber crime.
• 28 days to resolve an average cybercrime.
• 90% of malware resists analysis.

Purpose and targeted audience

• Malware analysis involves dissecting malware to understand how it works, and to determine its functionality, origin, and potential impact.
• Malware analysis is essential for any business and infrastructure that responds to cybersecurity incidents.

Discussions

Modern malware employs obfuscation, packing, encryption, and other evasion techniques to hide its malicious activities and bypass antivirus software and advanced detection systems.

Proposed Model

Below are the malware analysis techniques and the features each one extracts:

  Static          Dynamic                 Hybrid                              Memory
  --------------  ----------------------  ----------------------------------  ----------------
  API Call        Function Call           Combination of Static and Dynamic   Process/Service
  CFG             Function Parameters                                         DLL
  Opcode          Instruction Traces                                          Registry Keys
  N-Gram          Network Connections
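As an added illustration (not part of the original poster) of the static column above, the following Python code derives two of the listed feature families, opcode N-Grams and API Call counts, from a constructed disassembly listing and import table and merges them into one flat feature vector that a classifier could consume. The sample listing and import names are constructed for the example; in practice they would come from a disassembler and PE parser.

```python
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample: a short disassembly listing of (opcode, operands)
# and the sample's import table, standing in for disassembler/PE-parser output.
SAMPLE_DISASSEMBLY: List[Tuple[str, str]] = [
    ("push", "ebp"), ("mov", "ebp, esp"), ("sub", "esp, 0x40"),
    ("push", "0"), ("call", "VirtualAlloc"), ("mov", "edi, eax"),
    ("push", "edi"), ("call", "WriteProcessMemory"), ("test", "eax, eax"),
    ("jz", "short loc_fail"), ("call", "CreateRemoteThread"),
    ("leave", ""), ("ret", ""),
]
SAMPLE_IMPORTS: List[str] = [
    "kernel32.dll!VirtualAlloc", "kernel32.dll!WriteProcessMemory",
    "kernel32.dll!CreateRemoteThread", "kernel32.dll!ExitProcess",
]


def opcode_ngrams(disassembly: List[Tuple[str, str]], n: int = 2) -> Counter:
    """Count sliding-window opcode n-grams (the 'Opcode' / 'N-Gram' static features)."""
    ops = [op for op, _ in disassembly]
    return Counter(tuple(ops[i:i + n]) for i in range(len(ops) - n + 1))


def api_calls(disassembly: List[Tuple[str, str]], imports: List[str]) -> Counter:
    """Count direct calls to imported APIs (the 'API Call' static feature).

    Imports are given as 'module!function'; only the function name is matched,
    so an import that is never called (ExitProcess here) yields no feature.
    """
    imported = {name.split("!")[-1] for name in imports}
    return Counter(operand for op, operand in disassembly
                   if op == "call" and operand in imported)


def static_feature_vector(disassembly: List[Tuple[str, str]],
                          imports: List[str], n: int = 2) -> Dict[str, int]:
    """Merge both feature families into one flat dict, prefixing keys by family."""
    features = {"ng:" + "|".join(g): c
                for g, c in opcode_ngrams(disassembly, n).items()}
    features.update({"api:" + name: c
                     for name, c in api_calls(disassembly, imports).items()})
    return features


if __name__ == "__main__":
    for key, count in sorted(static_feature_vector(SAMPLE_DISASSEMBLY, SAMPLE_IMPORTS).items()):
        print(f"{key:32s} {count}")
```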

Conclusion

The hybrid analysis technique analyzes the signature of the malware and then combines it with behavioral pattern parameters, but it only analyzes malware that is stored on disk and then runs in memory. Malware that resides and runs only in memory is either not checked at all, or there is a high probability that its signature and behavioral pattern differ from those of classic malware that sits on the hard disk and runs in memory.

Ahsan Ullah (21109109), Fall 2022, MS Cyber Security
