What can you do with the help of malware analysis

Determine the functions of a suspicious program, assess the nature and extent of the threat during infection.

Get indicators of compromise by which the threat can be detected and removed from the network.

Establish whether the attack is directed specifically at your company or is it part of a mass mailing (if possible, determine which cybercrime group the malware belongs to).

Our experience

  • We helped clients neutralise such threats as WannaCry, Lurk, Carbanak, RTM, Silence, Emotet.
  • Our specialists take part in court proceedings as cybercrime experts.
  • We constantly follow the latest trends in malware and share our knowledge with the public. We regularly give talks at conferences, publish research papers, and produce articles for the media.

Malware analysis

Fast and thorough examination of malicious programs

Malware analysis

Behavioural analysis

Static analysis

Dynamic analysis

OUR RECOMMENDATION return to the list of services

Value

Malware analysis by BI.ZONE alleviates you from spending resources on maintaining a team of specialists and purchasing expensive tools for infrequent occurences.

Detailed malware research enriches the internal threat intelligence and helps you properly configure their protection.

Our reports describing the functionality of the malware can be used for further investigations and as evidence for getting reimbursed through lawsuits.

When a malicious program enters your infrastructure, your cybersecurity team needs to know as much as possible about the threat: how it works, how it hides and how it can be eradicated. This kind of intel requires an abundance of resources and specific expertise.

We have all it takes to get the job done: the tools, the knowledge bases and a team of seasoned experts with a lot of experience in malware analysis. We can provide all the information necessary for incident response. You will start to learn about the threat in a few hours after sending us the sample.

Malware analysis is carried out in three stages:

1. Preliminary analysis
(~2 hrs after receiving the sample)

We collect statistics and sample program metadata. If possible, we determine the family to which the program belongs, and analyse the textual information. Thus, we can identify key facts about the threat as early as in the first stage of the analysis, and these include: the functions, the C&C server and the commands being executed.


2. Behavioural analysis
(~4 hrs after receiving the sample)

We run a malicious program in a managed environment and monitor its behaviour: what the program does with files, how it changes system settings, which processes it infects, and which server it communicates with. This procedure helps us identify indicators of compromise of infected systems and describe the characteristic signs of the program being present in the infrastructure.


3. Code analysis
(~2 days after receiving the sample)

We carry out reverse engineering using static and dynamic code analysis methods. As a result, we can accurately describe the algorithm of the malicious program and identify all its functions — including the hidden ones.

Order

(optionally)
(optionally)

I consent to my personal data being used in accordance with the Privacy Policy for the following:

We use cookies to personalize the services and the convenience of website users. You can prevent cookies from being stored in your browser settings. By using this website, you confirm your consent to the Privacy policy.