This course is designed for people who want to learn how to analyze and understand malware, even if they are just starting out. You don’t need to be an expert. We explain everything in a simple and clear way.
What You Will Learn:
🛠️ Setup and Tools:
What malware is and the different types
How to install VirtualBox and build the analysis VMs: Windows 10 with Flare-VM, and REMnux
Setting up network simulation with INetSim, so malware sees fake DNS, HTTP and other services instead of the real internet
The difference between REMnux and Flare-VM
🔍 Static Analysis:
How to take a system snapshot before running malware
Downloading and checking malware samples
Using VirusTotal and looking at file information (hash, format, etc.)
Extracting useful strings (URLs, file paths, commands) and recognizing the Windows APIs a sample imports
Learning about the PE file format, and how packers compress or encrypt the real code so it only appears in memory
⚙️ Dynamic Analysis:
Watching what malware does while it runs
Using tools like Procmon and understanding how malware changes the system
Checking how malware interacts with the Windows Registry
Looking at real malware like reverse shells
🧠 Advanced Static Analysis:
Introduction to Assembly language and why it matters
Understanding how the CPU executes instructions at a low level
Learning the basics of Ghidra for code analysis
🐞 Advanced Dynamic Analysis:
What debugging is and how to do it
How to patch binaries and memory
How to deal with anti-debugging tricks used by malware
How to unpack protected malware
🔎 YARA Tool:
Learn what YARA is and how to write your own rules to detect malware
💣 Hands-On Labs:
Lab 1: Analyze the famous WannaCry ransomware
Lab 2: Dive deeper into how ransomware works
🧬 Special Topics:
Analyze shellcode (small, position-independent pieces of machine code)
Analyze malicious PDF and Word documents
Reverse engineer malware written in C# (like Black-NET)
By the end of this course, you’ll be able to set up your own malware lab, analyze different types of malware, and understand how they work under the hood.