Looking at The Enemy
Posted 2022-04-22 at https://blogs.oregonstate.edu/garciae4/2022/04/22/looking-at-the-enemy/

This week finally saw me analyzing pieces of malware. Nothing too fancy, only using static techniques, since I only had VMs set up and connected to each other but not fully isolated from the internet or from the host (my actual computer). So it was still a little dangerous, but not too much as long as I didn't actually try to run the malware. I utilized a repository that contained the binaries of many samples of malware called the Zoo. I mostly looked through samples that had cool-sounding names, like Friday the 13th. While looking through those samples I found that many didn't try to hide that they were viruses, although that could be due to them being part of a repository meant for others to learn about analysis. Another thing I discovered was that not all samples will get analyzed by the tools I downloaded because they are just too old and built for very old operating systems. The coolest-sounding one, Friday the 13th, was one such sample. It is a piece of malware that was built in the late 80s/early 90s for the MS-DOS operating system. Its purpose was deleting all files in the infected system only on Friday the 13th, so the name fits. I didn't select any of the samples I looked at for my main analysis sample since most were old and didn't have any network aspects, so dynamic analysis would have been a no go. I'm going to completely isolate my analysis lab soon so that I can perform analysis in a far more secure environment and hopefully select a really cool piece of malware to analyze.
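The point about old MS-DOS samples not being parsed by modern tools comes down to the executable header: a DOS-era program carries only the MZ header, while the PE-oriented tools most analysts install expect an MZ stub followed by a `PE\0\0` signature. The static-triage helper below is an added illustration, not the post author's code or any tool mentioned in the post. It hashes a sample, classifies it as PE, DOS-only MZ, ELF or unknown by reading the header, and pulls printable strings, so a DOS-only sample is flagged before a PE parser is pointed at it. The two inputs are constructed byte strings (a minimal MZ header and a minimal MZ-plus-PE-signature stub), not real malware.

```python
"""Static triage of a sample: hashes, executable format, printable strings.

Added example (not from the original post). DOS_SAMPLE and PE_SAMPLE are
constructed byte strings, not real malware: DOS_SAMPLE is a bare MZ header
with a trailing string, PE_SAMPLE is an MZ stub whose e_lfanew points at a
"PE\0\0" signature. Nothing here executes the input.
"""
import hashlib
import re
import struct

# Constructed sample 1: DOS-only executable. Offset 0x3C (e_lfanew) is zero,
# which is what a PE parser will choke on or reject.
DOS_SAMPLE = b"MZ" + bytes(0x3E) + b"This program requires MS-DOS\x00"

# Constructed sample 2: MZ stub with e_lfanew = 0x40 and a PE signature there.
PE_SAMPLE = (
    b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    + b"PE\x00\x00" + b"constructed PE stub\x00"
)


def hashes(data: bytes) -> dict:
    """Identifying hashes, the first thing to record (and search) for a sample."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def exe_format(data: bytes) -> str:
    """Classify by header bytes: 'pe', 'mz-dos', 'elf' or 'unknown'.

    A PE file starts with an MZ header whose 32-bit little-endian field at
    offset 0x3C (e_lfanew) points at the "PE\0\0" signature. A DOS-only
    executable has the MZ header but no valid pointer/signature pair.
    """
    if data[:4] == b"\x7fELF":
        return "elf"
    if data[:2] != b"MZ":
        return "unknown"
    if len(data) < 0x40:
        return "mz-dos"  # too short to even hold e_lfanew
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # Bounds-check before indexing: e_lfanew in a DOS file may be garbage.
    if 0 < e_lfanew <= len(data) - 4 and data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
        return "pe"
    return "mz-dos"


def printable_strings(data: bytes, min_len: int = 4) -> list:
    """ASCII runs of at least min_len printable characters (like `strings`)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def triage(data: bytes) -> dict:
    """Static triage record for one sample; never runs the input."""
    fmt = exe_format(data)
    note = ""
    if fmt == "mz-dos":
        note = "DOS-only executable: PE-oriented tools will not parse it"
    return {
        "format": fmt,
        "size": len(data),
        **hashes(data),
        "strings": printable_strings(data),
        "note": note,
    }


if __name__ == "__main__":
    for name, blob in (("DOS_SAMPLE", DOS_SAMPLE), ("PE_SAMPLE", PE_SAMPLE)):
        rec = triage(blob)
        print(name, rec["format"], rec["sha256"][:16], rec["strings"], rec["note"])
```

To run it against a real file from a repository such as the one the post mentions, read the bytes with `open(path, "rb").read()` inside an isolated VM and pass them to `triage`; the function only reads the bytes, so it is safe to run on samples you have no intention of executing.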