Updating the authors
@@ -1,12 +1,21 @@
|
||||
---
|
||||
author: "Halvo (Human)"
|
||||
title: "Bad Malware Analysis: Character Count"
|
||||
date: 2020-03-06
|
||||
draft: false
|
||||
tags:
|
||||
- malware analysis
|
||||
- string analysis
|
||||
- character frequency
|
||||
- security research
|
||||
- humor
|
||||
summary: |
|
||||
In this tongue‑in‑cheek post we dive deep—actually *deeper* than usual—into the world of malware string analysis by counting individual characters. After pulling roughly 500 malicious samples from theZoo and dasMalwerk and comparing them against a hefty collection of benign binaries, we discovered that a handful of seemingly innocuous characters (v, j, ;, , 4, q, 5, /) pop up more often in the bad guys’ code. By looking at raw counts and then normalising those counts by file size, we expose why naïve “character‑frequency” heuristics are both amusing and alarmingly unreliable. The piece is deliberately over‑the‑top, aiming to entertain seasoned security folks while reminding everyone that good malware hunting requires more nuance than a simple character checklist.
|
||||
---
|
||||
|
||||
## Introduction
|
||||
I'm thinking of doing a series on bad malware analysis. Hopefully it'll be fun and at least a little informative.
|
||||
|
||||
|
||||
I'm thinking of doing a series on bad malware analysis. Hopefully it'll be fun and at least a little informative.
|
||||
|
||||
Today's post consists of performing a string analysis on malware. Where most string analysis looks at the big picture, I thought I would take it a step further and look at individual characters. This approach is terrible, as you will soon see.
|
||||
|
||||
|
||||
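Review bot: In the `summary:` text, the character list "(v, j, ;, , 4, q, 5, /)" has an empty slot between `;` and `4`, so a reader cannot tell whether an item was dropped or whether the comma character itself is one of the listed items; wrap each character in backticks or quotes so the list is unambiguous. Separately, the hunk header `@@ -1,12 +1,21 @@` shows the file growing from 12 to 21 lines, which is more than an author change, so the commit message "Updating the authors" should say what else the front matter gained. The sentence "I'm thinking of doing a series on bad malware analysis." also appears twice under `## Introduction`; if both copies are on the new side of the diff, drop one.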