Course Repository for University of Cincinnati Malware Analysis Class (CS7038)


HW03: Static Analysis Utility

In the Week 04 lectures, you were introduced to static analysis and were shown a demonstration of a utility that extracts static analysis data from malware samples using tools on the Remnux VM.

Your assignment for HW03 will be to take the source code that I began in Lecture Wk04.2 and add an additional analysis to the program that will extract some useful data from the artifact(s).

You will write a report to accompany this, which will include analysis of two or more malware samples, highlighting why the information your new analysis extracts is significant.

The Python program is available here: metadata_import.py

If you recall, the Python code that I’ve written already collects the following data from the sample, puts it into a global object within the script, and finally commits it into the database:

You will use a ZIP file containing malware that I provide to you as your experimental set for this homework. This file is available here: Malware_Bundle_HW03.zip (Password: infected7038)

You’ll submit a report (PDF preferred), plus supporting code, artifacts, and binary data in a ZIP file. You do not need to submit the malware samples to me, but rather include the digest values that uniquely identify the malware samples significant to your analysis. Include the BSON and JSON file(s) generated by the “mongodump” operation in your ZIP file as well.
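The following is an added, self-contained example of the kind of additional analysis the assignment asks for; it is not metadata_import.py and does not reuse that script's field names or database layout (the record keys, the `cs7038` database and `samples` collection names, and the use of pymongo are all assumptions made here). It follows the same shape described above: collect data from the sample bytes into a record, then commit the record to MongoDB keyed on the SHA-256 digest, which is also the value to cite in the report instead of the sample itself. The added analysis is a printable-string sweep (ASCII and UTF-16LE) with a pass that pulls out URLs, IPv4 addresses and Windows binary names, plus a magic-byte format check that validates the PE header's `e_lfanew` pointer rather than trusting the `MZ` stamp alone. The input is a constructed fake PE header with a few planted strings, not a real sample.

```python
import hashlib
import re
import struct
from pathlib import Path

MIN_STRING_LEN = 6  # shorter runs are mostly opcode noise

# Bytes regexes: runs of printable ASCII, and runs of printable ASCII
# interleaved with NUL bytes (how UTF-16LE text looks in a PE's resources).
ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_STRING_LEN)
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_STRING_LEN)

# Indicator patterns applied to the decoded strings (assumption: these
# categories are what the report wants; extend as the samples demand).
INDICATOR_RE = re.compile(
    r"(?:https?://\S+"
    r"|(?:\d{1,3}\.){3}\d{1,3}"
    r"|[A-Za-z0-9_-]+\.(?:exe|dll|bat|ps1|vbs))"
)


def compute_digests(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of the raw bytes. SHA-256 is the identifier to report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def identify_format(data: bytes) -> str:
    """Cheap format check from magic bytes.

    A real PE is an MZ header whose e_lfanew (uint32 at 0x3C) points at the
    'PE\\0\\0' signature; an MZ stamp with a bad pointer is flagged separately.
    """
    if data[:4] == b"\x7fELF":
        return "elf"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            return "pe"
        return "mz-dos"
    if data[:4] == b"%PDF":
        return "pdf"
    if data[:2] == b"PK":
        return "zip"
    return "unknown"


def extract_strings(data: bytes) -> dict:
    """Printable-string sweep, ASCII and UTF-16LE, in file order."""
    return {
        "ascii": [m.decode("ascii") for m in ASCII_RE.findall(data)],
        "utf16": [m.decode("utf-16-le") for m in UTF16_RE.findall(data)],
    }


def extract_indicators(strings: dict) -> list:
    """Unique URLs / IPv4 addresses / binary names, preserving first-seen order."""
    seen = []
    for s in strings["ascii"] + strings["utf16"]:
        for hit in INDICATOR_RE.findall(s):
            if hit not in seen:
                seen.append(hit)
    return seen


def analyze_sample(data: bytes, name: str) -> dict:
    """Build the record that gets committed; keys are this example's, not the course script's."""
    record = {"name": name, "size": len(data)}
    record.update(compute_digests(data))
    record["format"] = identify_format(data)
    record["strings"] = extract_strings(data)
    record["indicators"] = extract_indicators(record["strings"])
    return record


def analyze_file(path) -> dict:
    p = Path(path)
    return analyze_sample(p.read_bytes(), p.name)


def commit_record(record: dict, mongo_uri="mongodb://localhost:27017",
                  db="cs7038", coll="samples"):
    """Upsert keyed on sha256 so re-running the script never duplicates a sample.
    Assumes pymongo is installed and mongod is reachable (imported lazily so the
    analysis itself runs without it)."""
    from pymongo import MongoClient
    client = MongoClient(mongo_uri)
    return client[db][coll].replace_one({"sha256": record["sha256"]}, record, upsert=True)


def build_fake_pe() -> bytes:
    """Constructed input: a minimal MZ/PE header plus planted strings. Not a real sample."""
    header = bytearray(b"MZ" + b"\x00" * 0x3A)   # DOS header padded up to offset 0x3C
    header += struct.pack("<I", 0x40)            # e_lfanew -> PE signature at 0x40
    header += b"PE\x00\x00"
    body = (b"http://example.invalid/update.exe\x00"
            b"C:\\Windows\\Temp\\dropper.dll\x00"
            b"short\x00\x00"                      # below MIN_STRING_LEN, must be dropped
            + "kernel32.dll".encode("utf-16-le") + b"\x00\x00")
    return bytes(header + body)


if __name__ == "__main__":
    rec = analyze_sample(build_fake_pe(), "fake.exe")
    print(rec["sha256"], rec["format"], rec["indicators"])
```

For the actual bundle, replace `build_fake_pe()` with `analyze_file(path)` over the extracted samples and call `commit_record` on each; `mongodump` then exports the resulting collection as the BSON/JSON files the submission asks for. Note the UTF-16 pass deliberately requires a non-printable byte before the run starts, otherwise the trailing character of a preceding ASCII string gets glued onto the wide string.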