Thursday 4 July 2013

Introduction to Ollydbg

To start with malware analysis you need to know about debugging. OllyDbg is the most popular user-mode debugger among malware analysts and reverse engineers. I will explain the two debugging types, user-mode and kernel-mode debugging, later. First you should get familiar with OllyDbg; you will be using it a lot during malware reverse engineering. There is one more popular debugger, Immunity Debugger, which supports Python scripting. Immunity is very similar to OllyDbg in usage, but OllyDbg is more popular because it is older and has a long list of plugins. This tutorial will also be applicable to Immunity Debugger, but I would recommend that for now you start with OllyDbg; you can switch to Immunity later if you want, once you are comfortable with OllyDbg.
So, without wasting more time, here is a brief introduction to OllyDbg.

As the name itself suggests, OllyDbg is a debugger and disassembler for Microsoft Windows PE (Portable Executable) files (32-bit). According to its author, Oleh Yuschuk, OllyDbg is a 32-bit assembler-level analysing debugger for Microsoft Windows. Its emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. The current version of OllyDbg cannot disassemble binaries compiled for 64-bit processors.

Monday 22 April 2013

Static and Dynamic Analysis

Malware Analysis can be broadly divided into two categories:
· Static Analysis
· Dynamic Analysis

Static Analysis

It is a malware analysis technique in which the malware sample is not run; it is analyzed statically using tools such as string viewers, disassemblers, PE format viewers, etc. It is safer than dynamic analysis, because the sample is not executed so there is no chance of infecting the machine, but it is a slower process and requires much experience to do properly. And if the binary is packed, it is not possible to analyze it without unpacking it first.

It can be further divided into two categories:
· Basic Static analysis
· Advanced Static Analysis
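As an added example (not code from the blog), the following Python script performs the basic static steps listed above without executing the sample: it pulls printable strings, walks the 32-bit PE section table, and uses Shannon entropy per section as a packing heuristic. The PE-shaped buffer it inspects is constructed inline, and the 7.0-bit threshold is an assumption, not a rule from the post.

```python
import math
import re
import struct

def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Printable ASCII runs of min_len or more, what a strings viewer would list."""
    return [m.group().decode() for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0..8); values near 8 suggest packed or encrypted bytes."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in (data.count(v) for v in set(data)))

def pe_sections(data: bytes) -> list:
    """Walk the 32-bit PE section table and return (name, PointerToRawData, SizeOfRawData)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: NumberOfSections at +6, SizeOfOptionalHeader at +20; the section table follows the optional header
    num_sections, _, _, _, opt_size = struct.unpack_from("<HIIIH", data, e_lfanew + 6)
    table, out = e_lfanew + 24 + opt_size, []
    for off in range(table, table + 40 * num_sections, 40):   # one 40-byte IMAGE_SECTION_HEADER each
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        out.append((name, raw_ptr, raw_size))
    return out

def triage(data: bytes) -> dict:
    """Basic static triage: strings plus a per-section packing heuristic, with nothing executed."""
    secs = []
    for name, ptr, size in pe_sections(data):
        ent = round(entropy(data[ptr:ptr + size]), 2)
        secs.append({"name": name, "entropy": ent, "likely_packed": ent > 7.0})   # 7.0 is an assumed threshold
    return {"strings": extract_strings(data), "sections": secs}

def build_sample() -> bytes:
    """Constructed PE-shaped buffer (not a real program): sparse .text with two strings, uniform .packed."""
    text = (b"\x55\x8b\xec" + b"http://example.invalid/update\0CreateRemoteThread\0").ljust(0x200, b"\0")
    packed = bytes(range(256)) * 2                        # every byte value twice -> entropy exactly 8.0
    e_lfanew, text_ptr = 0x40, 0x100
    buf = bytearray(text_ptr + len(text) + len(packed))
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<HH", buf, e_lfanew + 4, 0x14C, 2)  # Machine=i386, NumberOfSections=2
    struct.pack_into("<H", buf, e_lfanew + 20, 0)         # SizeOfOptionalHeader=0 in this toy layout
    for i, (name, ptr, blob) in enumerate([(b".text", text_ptr, text), (b".packed", text_ptr + len(text), packed)]):
        off = e_lfanew + 24 + 40 * i
        buf[off:off + 8] = name.ljust(8, b"\0")
        struct.pack_into("<II", buf, off + 16, len(blob), ptr)
        buf[ptr:ptr + len(blob)] = blob
    return bytes(buf)
```

Running `triage(build_sample())` reports the two embedded strings and flags only the uniform section as likely packed; on a real packed binary the strings list is similarly short and junk-filled until the sample is unpacked.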

Saturday 20 April 2013

Malware Categories

Malware types
I will describe the various malware types here briefly. I won't go into much detail here; I will explain each type in detail when we analyze a sample of that type. Let me make one thing clear first: today's malware cannot be strictly placed in one category, as it has characteristics of more than one type. Malware is usually categorized based on its capabilities, and modern malware is hybrid malware designed to do multiple things, such as stealing data, providing backdoor access, infecting files, etc. The categories are merely created for classifying malware; it is not mandatory to spend much time on categorizing malware, it is just for convenience.
There are many categories of malware, but I will cover only the popular and common ones.
So, without wasting time, here are the various types of malware:

Trojan

The name Trojan, or Trojan horse, comes from ancient Greek history, where the Trojan horse allowed an army to sneak past a highly guarded gate.

Saturday 23 March 2013

What is malware and malware analysis?

Malware

Malware is, by definition, any code that performs a malicious, unknown or 'bad' action.
Malware is short for malicious software. Malware is basically a piece of software that performs malicious activity. Malicious activity can be of many types, such as stealing a user's personal information (usernames, passwords, credit card information, etc.), providing backdoor access to an attacker, destroying files on the system, etc.; anything that is designed to damage, disable or disrupt a computer or computer systems.
Wikipedia:
Malware, short for malicious (or malevolent) software, is software used or created by attackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software. 'Malware' is a general term used to refer to a variety of forms of hostile or intrusive software.

Thursday 7 March 2013

Welcome to the world of malware!

Malware

Welcome to the "TheMalwareHunter" blog. This blog will be dedicated mostly to malware analysis, and we will also do some reverse engineering along the way. There are many other blogs related to malware analysis, but they are not focused on newbies; to understand those blogs you already need quite a lot of technical knowledge of RE and malware analysis. So I am starting this blog as a central repository for people who want to start with malware analysis. We will start from the basics and gradually move to more advanced techniques. Any feedback or comments are welcome.