Unearthing Secrets, Only to Hit Bedrock


So, this week finally saw me selecting the malware sample I'm going to be analyzing for the final paper. I chose one called Ficker Stealer; from the name alone you can guess what it does. If the name isn't enough: it steals your information, a whole lot of it. It's because of malware like this that two-factor authentication is so necessary. This malware not only rummages around your system for usernames and passwords, it also goes through your browser and steals the passwords for anything it can find, including crypto wallets. To add the cherry on top, it also logs and sends out all the information about the hardware you have. Any type of info is fair game for this malware, down to the color you use on your quick bar. Performing static analysis on the file showed a lot of interesting information, including all the file manipulation it does to log your information. Most interesting was a call to cryptographic services, potentially meaning it encrypts all the logged information before sending it out.

Performing the static analysis was really fun, since I got to see under the hood of the malware: none of it was packed (put simply, packing compresses or encrypts the real code, so static analysis shows you very little until the sample has been unpacked). Like all good things, though, it soon came to an end. When I tried to perform dynamic analysis, actually running the malware, I ran into a wall that I have yet to work around. I kept getting a kernel32.dll error saying the entry point for the linked library was missing, but looking into the file myself showed that everything was there. Looking for workarounds or solutions proved difficult, since most of what's out there is about getting malware off your computer, not getting it to run on it. I'm glad I caught it early though, since it gives me plenty of time to look for workarounds or simply try different environments.
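One check worth running when a sample dies on load with this kind of error (an added example, not the author's work and not code from the original post): the Windows loader reports that an entry point could not be located when the executable's import table names a function that the DLL installed on that machine does not export, which is what happens when a sample built against a newer Windows release is run on an older analysis VM. The script below parses a PE file's import table by hand using only the Python standard library, compares the imported names against a set of export names for the host, and reports the imports the loader would fail to resolve. The sample PE it builds and the export set it compares against are constructed for the demonstration; the choice of SetThreadDescription (a kernel32 export introduced in Windows 10 version 1607) as the newer API is illustrative and says nothing about what Ficker Stealer actually imports.

```python
"""Added example: list a PE sample's imports and flag the ones the analysis host's
DLLs do not export. Standard library only; handles PE32 and PE32+."""
import struct

def _rva_to_offset(rva, sections):
    # sections: (virtual_address, virtual_size, raw_pointer, raw_size) per section
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not inside any section")

def _cstring(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")

def parse_imports(pe):
    """Return {dll_name_lower: [imported function names]} from a PE file image."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsections, opt_size = struct.unpack_from("<H", pe, coff + 2)[0], struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:        # PE32: 32-bit thunks, data directories at +96
        dd_off, thunk_fmt, ord_flag = opt + 96, "<I", 1 << 31
    elif magic == 0x20B:      # PE32+: 64-bit thunks, data directories at +112
        dd_off, thunk_fmt, ord_flag = opt + 112, "<Q", 1 << 63
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    import_rva = struct.unpack_from("<I", pe, dd_off + 8)[0]     # data directory 1 = import table
    sections = [struct.unpack_from("<IIII", pe, opt + opt_size + 40 * i + 8) for i in range(nsections)]
    sections = [(va, vsize, raw_ptr, raw_size) for vsize, va, raw_size, raw_ptr in sections]
    result = {}
    if import_rva == 0:
        return result
    desc = _rva_to_offset(import_rva, sections)
    while True:
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", pe, desc)
        if name_rva == 0 and ft == 0:          # all-zero descriptor terminates the list
            break
        dll = _cstring(pe, _rva_to_offset(name_rva, sections)).lower()
        funcs = result.setdefault(dll, [])
        thunk = _rva_to_offset(oft or ft, sections)   # prefer the unbound name table
        while True:
            val = struct.unpack_from(thunk_fmt, pe, thunk)[0]
            if val == 0:
                break
            if val & ord_flag:                 # import by ordinal: nothing to look up by name
                funcs.append(f"ordinal#{val & 0xFFFF}")
            else:                              # import by name: 2-byte hint, then the name
                funcs.append(_cstring(pe, _rva_to_offset(val, sections) + 2))
            thunk += struct.calcsize(thunk_fmt)
        desc += 20
    return result

def find_missing(imports, host_exports):
    """Return (dll, func) pairs the loader could not resolve against host_exports {dll: set(names)}."""
    missing = []
    for dll, funcs in imports.items():
        exports = host_exports.get(dll, set())
        missing += [(dll, f) for f in funcs if not f.startswith("ordinal#") and f not in exports]
    return missing

def build_sample_pe(imports):
    """Constructed minimal PE32 (not a real sample): a single .idata section holding an import table."""
    sec_va, sec_raw = 0x1000, 0x200
    descs, thunks, names = bytearray(), bytearray(), bytearray()
    thunk_pos = 20 * (len(imports) + 1)
    name_base = thunk_pos + sum(4 * (len(f) + 1) for f in imports.values())
    for dll, funcs in imports.items():
        descs += struct.pack("<IIIII", sec_va + thunk_pos, 0, 0, sec_va + name_base + len(names), sec_va + thunk_pos)
        names += dll.encode() + b"\0"
        for f in funcs:
            thunks += struct.pack("<I", sec_va + name_base + len(names))
            names += b"\0\0" + f.encode() + b"\0"        # hint, then name
        thunks += b"\0\0\0\0"
        thunk_pos += 4 * (len(funcs) + 1)
    descs += b"\0" * 20
    section = bytes(descs + thunks + names)
    dos = bytearray(64)
    dos[:2], dos[0x3C:0x40] = b"MZ", struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    opt[0:2], opt[104:112] = struct.pack("<H", 0x10B), struct.pack("<II", sec_va, len(descs))
    sect = struct.pack("<8sIIIIIIHHI", b".idata", len(section), sec_va, len(section), sec_raw, 0, 0, 0, 0, 0x40000040)
    return bytes((dos + b"PE\0\0" + coff + opt + sect).ljust(sec_raw, b"\0") + section)

# Constructed scenario: the sample wants kernel32!SetThreadDescription (added in Windows 10 1607)
# while the analysis VM's kernel32.dll is older and does not export it.
SAMPLE_IMPORTS = {"KERNEL32.dll": ["CreateFileW", "SetThreadDescription"], "ADVAPI32.dll": ["CryptAcquireContextW"]}
OLD_HOST_EXPORTS = {"kernel32.dll": {"CreateFileW", "GetProcAddress", "LoadLibraryW"},
                    "advapi32.dll": {"CryptAcquireContextW"}}

if __name__ == "__main__":
    for dll, func in find_missing(parse_imports(build_sample_pe(SAMPLE_IMPORTS)), OLD_HOST_EXPORTS):
        print(f"unresolvable import: {dll}!{func}")
```

On a real analysis box the export set would come from the DLL actually installed there (dumpbin /exports, or an export-directory parser written in the same style as the import parser above), and the sample would be read from disk instead of built. The point the script makes is the distinction that matters for this error: the names being present in the sample's import table only shows what the sample asks for; whether the host's DLL provides them is a separate question, and the answer changes with the Windows version of the VM.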

