Applying Static Analysis

This lecture builds on the Wk04.1 lecture, using the tools introduced there to construct a tool for data management and ingestion.

Some key elements of MongoDB are introduced. More information is available here: MongoDB Documentation

Some existing open-source malware management platforms that we use as production examples:

We discuss how collection requirements are defined, and how they direct which analysis is performed on a sample. From there, we integrate the tools from Tuesday's discussion into a single script that performs the data extraction, normalization, and storage (into MongoDB) steps for us, and demonstrate running that script over an entire directory of malware:

cd test_samples
ls -1U | xargs -n 1 ../metadata_import.py -f

The script is available here, and will be used in HW03: metadata_import.py

Once the data has been ingested, we are able to perform broad analysis across the entire dataset using single queries.
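The following is an added example, not the course's metadata_import.py, of the extraction, normalization and storage pipeline described above, plus one aggregation query of the kind the last paragraph refers to. It is assumed the database is called "malware" and the collection "samples"; the document field names, the magic-byte labels and the SAMPLE_PE bytes are also assumptions (SAMPLE_PE is a constructed header, not a real sample). pymongo is used only when it is installed and a server answers; otherwise the documents are printed and the store step is skipped.

```python
#!/usr/bin/env python3
"""Added example: extract static metadata from every sample in a directory,
normalize it into one document per sample and upsert it into MongoDB.
Not the course's metadata_import.py; db/collection/field names are assumed."""
import hashlib
import json
import os
import struct
import sys
from datetime import datetime, timezone

# Magic-byte table for a coarse file-type field (assumed labels).
MAGIC = [(b"MZ", "pe"), (b"\x7fELF", "elf"), (b"%PDF", "pdf"), (b"PK\x03\x04", "zip")]


def classify(data: bytes) -> str:
    """Return a coarse type label from the leading magic bytes."""
    for magic, label in MAGIC:
        if data.startswith(magic):
            return label
    return "unknown"


def parse_pe_header(data: bytes):
    """Pull a few queryable facts out of the PE/COFF header; None if not a sane PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine, nsect, stamp, _, _, _, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    return {
        "machine": f"0x{machine:x}",
        "num_sections": nsect,
        # TimeDateStamp is attacker-controlled, but still a useful pivot across a corpus.
        "timestamp": datetime.fromtimestamp(stamp, timezone.utc).isoformat(),
        "characteristics": f"0x{chars:x}",
    }


def extract_metadata(data: bytes, path: str) -> dict:
    """Normalize one sample into the document shape we store.
    sha256 doubles as _id, so re-ingesting a sample updates instead of duplicating."""
    sha256 = hashlib.sha256(data).hexdigest()
    doc = {
        "_id": sha256,
        "sha256": sha256,
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "size": len(data),
        "filetype": classify(data),
        "filenames": [os.path.basename(path)],
        "ingested_at": datetime.now(timezone.utc).isoformat(),
    }
    pe = parse_pe_header(data)
    if pe:
        doc["pe"] = pe
    return doc


def store(doc: dict, collection) -> None:
    """Upsert by sha256 and accumulate every filename the sample was seen under."""
    fields = {k: v for k, v in doc.items() if k not in ("_id", "filenames")}
    collection.update_one(
        {"_id": doc["_id"]},
        {"$set": fields, "$addToSet": {"filenames": {"$each": doc["filenames"]}}},
        upsert=True,
    )


def ingest_directory(directory: str, collection=None) -> list:
    """Ingest every regular file in directory (os.scandir, so odd filenames are safe)."""
    docs = []
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        if not entry.is_file(follow_symlinks=False):
            continue
        with open(entry.path, "rb") as fh:
            doc = extract_metadata(fh.read(), entry.path)
        if collection is not None:
            store(doc, collection)
        docs.append(doc)
    return docs


def pe_machine_histogram(collection) -> list:
    """One query over the whole corpus: count PE samples per target machine."""
    pipeline = [
        {"$match": {"filetype": "pe"}},
        {"$group": {"_id": "$pe.machine", "count": {"$sum": 1}}},
        {"$sort": {"count": -1}},
    ]
    return list(collection.aggregate(pipeline))


def connect(uri="mongodb://localhost:27017"):
    """Return the samples collection, or None if pymongo or the server is unavailable."""
    try:
        import pymongo
        client = pymongo.MongoClient(uri, serverSelectionTimeoutMS=500)
        client.admin.command("ping")
        return client["malware"]["samples"]
    except Exception:
        return None


# Constructed minimal PE header (not real malware): MZ stub, e_lfanew -> 0x40,
# COFF header for i386 with 3 sections and TimeDateStamp 0x5F5E1000.
SAMPLE_PE = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
             + b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 3, 0x5F5E1000, 0, 0, 0xE0, 0x102))

if __name__ == "__main__":
    coll = connect()
    if len(sys.argv) > 1:
        results = ingest_directory(sys.argv[1], coll)
    else:
        results = [extract_metadata(SAMPLE_PE, "constructed_sample.exe")]
        if coll is not None:
            store(results[0], coll)
    for d in results:
        print(json.dumps(d, indent=2))
    if coll is not None:
        print(json.dumps(pe_machine_histogram(coll), indent=2))
```

Run it as `python3 ingest_example.py test_samples` to process a directory, or with no argument to see the document produced for the constructed header. Two design points worth noting: keying documents on sha256 with an upsert makes re-running the import over the same directory idempotent while `$addToSet` still records every name a sample arrived under; and walking the directory with os.scandir avoids the whitespace splitting that `ls -1U | xargs -n 1` is exposed to (on the shell side, `find . -maxdepth 1 -type f -print0 | xargs -0 -n 1 ...` is the equivalent fix).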

Slides: lecture-w04-2.pdf (PDF)

Video: CS7038: Wk04.2 - Static Analysis Introduction
Note: the video title lists Wk04.1, but it is actually the Wk04.2 lecture.