Malware Analyst at G DATA. Ransomware hunter. he/him 🦔🌈🏳️⚧️
Jan 23, 2023 • 10 tweets • 2 min read
Tips to stay safe while working with malware samples.
1. Use a different OS on the host machine than in your analysis VM
--> most malware will not be able to run on the host
2. Use a different machine for malware analysis (even if the analysis happens in a VM) than for your other work or private activities
3. Make sure the analysis machine is not connected to the company network or your personal network.
The CustomActions column shows that the exported function "egzsymgucwe" is called from the DLL
Sep 4, 2021 • 12 tweets • 2 min read
Entropy is a measure of how much information is in a data input.
When we talk about entropy in files, we usually mean the Shannon entropy. Depending on whether we use bytes or bits as a basis for calculation, the result is a range between 0-8 or 0-1.
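As an added example (not code from the thread), the two calculations described above in Python: byte-based Shannon entropy (range 0 to 8) and bit-based Shannon entropy (range 0 to 1), plus the sliding-window scan analysts use to spot packed or encrypted regions. The sample input is constructed inline; the window size and the "> 7 means probably packed" rule of thumb are assumptions, not something the thread states.

```python
import math
import random
from collections import Counter
from typing import List, Tuple


def byte_entropy(data: bytes) -> float:
    """Shannon entropy with bytes as symbols, log base 2.

    There are 256 possible symbols, so the maximum is log2(256) = 8 bits
    per byte and the result lies in [0, 8].
    """
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def bit_entropy(data: bytes) -> float:
    """Shannon entropy with bits as symbols.

    Only two symbols exist (0 and 1), so the maximum is log2(2) = 1 and
    the result lies in [0, 1]. This is NOT byte_entropy(data) / 8:
    b"\\x0f" * 16 has byte entropy 0.0 (one byte value repeated) but bit
    entropy 1.0 (every byte holds four ones and four zeros).
    """
    if not data:
        return 0.0
    total_bits = 8 * len(data)
    ones = sum(bin(b).count("1") for b in data)
    h = 0.0
    for count in (ones, total_bits - ones):
        if count:
            p = count / total_bits
            h -= p * math.log2(p)
    return h


def normalized_byte_entropy(data: bytes) -> float:
    """Byte entropy rescaled to [0, 1] (the scaling some tools report instead)."""
    return byte_entropy(data) / 8.0


def entropy_windows(data: bytes, size: int = 256, step: int = 256) -> List[Tuple[int, float]]:
    """Byte entropy per window as (offset, entropy); the last window may be shorter."""
    return [(off, byte_entropy(data[off:off + size])) for off in range(0, len(data), step)]


def build_constructed_sample() -> bytes:
    """Constructed test input: a zero-filled header, a low-entropy text
    region, and a pseudo-random region standing in for a packed payload.
    Seeded RNG keeps the output deterministic."""
    rng = random.Random(1)
    header = b"\x00" * 512
    text = b"This program cannot be run in DOS mode.\r\n" * 12
    payload = bytes(rng.getrandbits(8) for _ in range(4096))
    return header + text + payload


def suspicious_regions(data: bytes, size: int = 512, threshold: float = 7.0) -> List[int]:
    """Offsets of windows whose byte entropy exceeds the threshold (assumed rule of thumb)."""
    return [off for off, h in entropy_windows(data, size, size) if h > threshold]


if __name__ == "__main__":
    sample = build_constructed_sample()
    for off, h in entropy_windows(sample, 512, 512):
        print(f"offset 0x{off:05x}: {h:.3f} bits/byte")
    print("high-entropy windows at:", [hex(o) for o in suspicious_regions(sample)])
```

The bit-based variant is worth keeping separate: a file that is one repeated byte scores 0 either way, but a repeated byte with a balanced bit pattern scores 0 on the byte scale and 1 on the bit scale, so the two numbers are not interchangeable when comparing tools.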
To understand entropy, imagine your friend writes you a grocery list. In their first message they write:
Some thoughts about maliciousness of joke malware, educational malware and other "gray" areas. (thread)
Malware is any program that does harm to a system or user.
Harm or damage is not limited to things you can count as monetary loss. It can also be sleepless nights, feeling anxious or frightened, or having personal data leaked that might or might not be used to harm you later.
Jan 7, 2018 • 18 tweets • 2 min read
Some arbitrary facts about malware detection names and detection rates on VT.
(thread)
(1) Detection names usually include information about platform, malware type, family and variant, sometimes also hints about the technology that was used to detect the malware.
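As an added example (not code from the thread), a small parser that pulls platform, type, family, variant and technology hint out of detection names, and a helper that finds the family most vendors agree on across a list of names. The two naming conventions modelled (`Type:Platform/Family.Variant!Tech` and `Type.Platform.Family.Variant`) and the sample names are assumptions constructed for this example, not names quoted from the thread or from VT.

```python
import re
from collections import Counter
from typing import Dict, List, Optional

# Assumed conventions (modelled for this example):
#   Type:Platform/Family.Variant!Tech   e.g. Trojan:Win32/Agent.A!ml
#   Type.Platform.Family.Variant        e.g. Trojan.Win32.Agent.abc
# Variant and the trailing "!tech" hint are optional in both.
_COLON_SLASH = re.compile(
    r"^(?P<type>[A-Za-z]+):(?P<platform>[A-Za-z0-9]+)/(?P<family>[A-Za-z0-9_]+)"
    r"(?:\.(?P<variant>[A-Za-z0-9]+))?(?:!(?P<tech>[A-Za-z0-9]+))?$"
)
_DOTTED = re.compile(
    r"^(?P<type>[A-Za-z\-]+)\.(?P<platform>[A-Za-z0-9]+)\.(?P<family>[A-Za-z0-9_]+)"
    r"(?:\.(?P<variant>[A-Za-z0-9]+))?$"
)


def parse_detection_name(name: str) -> Optional[Dict[str, Optional[str]]]:
    """Split a detection name into its fields; None if neither convention matches."""
    for rx in (_COLON_SLASH, _DOTTED):
        m = rx.match(name.strip())
        if m:
            fields = m.groupdict()
            fields.setdefault("tech", None)  # dotted style carries no tech hint
            return fields
    return None


def family_consensus(names: List[str]) -> Optional[str]:
    """Most common family (lower-cased) across the names that parse; None if none do.

    Generic or unparseable names are skipped rather than counted, so a
    handful of heuristic verdicts does not outvote the family-specific ones.
    """
    families = [p["family"].lower() for p in map(parse_detection_name, names) if p]
    if not families:
        return None
    return Counter(families).most_common(1)[0][0]


if __name__ == "__main__":
    # Constructed sample verdicts, as if copied from one VT report.
    verdicts = [
        "Trojan:Win32/Agent.A!ml",
        "Trojan.Win32.Agent.abc",
        "Backdoor.Win32.Other.x",
        "Gen:Variant.Example.12",
    ]
    for v in verdicts:
        print(v, "->", parse_detection_name(v))
    print("consensus family:", family_consensus(verdicts))
```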