Fast and thorough examination of malicious programs
Malware analysis by BI.ZONE saves you the cost of maintaining an in-house team of specialists and buying expensive tools for incidents that happen only occasionally.
Detailed malware research enriches your internal threat intelligence and helps you configure your defences correctly.
Our reports describing the functionality of the malware can be used in further investigations and as evidence when seeking compensation in court.
Determine what a suspicious program does and assess the nature and extent of the threat posed by an infection.
Obtain indicators of compromise that allow the threat to be detected and removed from your network.
Establish whether the attack targets your company specifically or is part of a mass mailing campaign (where possible, we attribute the malware to a cybercrime group).
1. Preliminary analysis
(~2 hrs after receiving the sample)
We collect sample statistics and metadata and, where possible, determine the malware family and analyse the strings embedded in the sample. Even at this first stage this often reveals key facts about the threat: its functionality, its C&C server and the commands it executes.
2. Behavioural analysis
(~4 hrs after receiving the sample)
We run the malicious program in a controlled environment and monitor its behaviour: what it does with files, how it changes system settings, which processes it infects and which servers it communicates with. This yields indicators of compromise for infected systems and a description of the characteristic signs of the program's presence in your infrastructure.
3. Code analysis
(~2 days after receiving the sample)
We reverse-engineer the sample using static and dynamic code analysis. The result is an accurate description of the malicious program's algorithm and a list of all its functions, including hidden ones that are not triggered during behavioural analysis.
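To make the first stage of this process concrete, the following is an added example of the kind of static triage pass that preliminary analysis performs: hashing, file-type identification, an entropy check that hints at packing, printable-string extraction, and carving of candidate indicators (URLs, IP addresses, command lines, persistence keys) out of those strings. It is not BI.ZONE's tooling and not code from this page; the sample bytes, the URL, the IP address and the command line are all constructed for the example and do not come from real malware.

```python
import hashlib
import math
import re
import struct
from collections import Counter

# Constructed sample (not real malware): a PE-shaped blob with planted strings
# of the kinds a triage pass looks for, followed by a high-entropy tail.
SAMPLE = (
    b"MZ" + b"\x90" * 58 + struct.pack("<I", 0x80)   # e_lfanew at offset 0x3C -> 0x80
    + b"\x00" * (0x80 - 64)
    + b"PE\x00\x00" + b"\x00" * 20
    + b"This program cannot be run in DOS mode.\x00"
    + b"http://c2.example.invalid/gate.php\x00"        # hypothetical C&C URL
    + b"198.51.100.23\x00"                              # documentation-range IP
    + b"cmd.exe /c whoami\x00"
    + b"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    + b"version 999.1.1.1\x00"                          # looks like an IP, is not one
    + bytes((i * 131 + 17) % 256 for i in range(512))   # every byte value twice
)

def hashes(data: bytes) -> dict:
    """Hashes used to query reputation services and sandboxes for known samples."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; values near 8 suggest packing or encryption."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def file_type(data: bytes) -> str:
    """Identify the container by magic bytes; for MZ files follow e_lfanew to the PE signature."""
    if data[:4] == b"\x7fELF":
        return "ELF"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            return "PE"
        return "MZ (no PE header)"
    return "unknown"

def extract_strings(data: bytes, min_len: int = 6) -> list:
    """Runs of printable ASCII of at least min_len bytes (the classic 'strings' pass)."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]

URL_RE = re.compile(r"https?://[\w.\-/?=&%]+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
CMD_RE = re.compile(r"(?i)\b(?:cmd\.exe|powershell(?:\.exe)?)\b")
RUNKEY_RE = re.compile(r"(?i)\\CurrentVersion\\Run(?:Once)?\b")

def extract_iocs(strings: list) -> dict:
    """Carve candidate indicators out of extracted strings; octets above 255 are rejected."""
    iocs = {"urls": [], "ips": [], "commands": [], "persistence": []}
    for s in strings:
        iocs["urls"] += URL_RE.findall(s)
        iocs["ips"] += [ip for ip in IPV4_RE.findall(s)
                        if all(int(o) <= 255 for o in ip.split("."))]
        if CMD_RE.search(s):
            iocs["commands"].append(s)
        if RUNKEY_RE.search(s):
            iocs["persistence"].append(s)
    return iocs

def triage(data: bytes) -> dict:
    """Full preliminary pass: identity, type, packing hint, strings and indicators."""
    strings = extract_strings(data)
    return {
        "hashes": hashes(data),
        "size": len(data),
        "type": file_type(data),
        "entropy": round(entropy(data), 2),
        "strings": strings,
        "iocs": extract_iocs(strings),
    }

if __name__ == "__main__":
    report = triage(SAMPLE)
    print(f"{report['type']}  {report['size']} bytes  entropy={report['entropy']}")
    print("sha256:", report["hashes"]["sha256"])
    for kind, values in report["iocs"].items():
        for v in values:
            print(f"{kind:12} {v}")
```

On a real sample the same pass would also walk the PE import table and resources, and the entropy figure matters most per section: a section near 8 bits per byte with almost no strings is the signature of a packed or encrypted payload, which is exactly why the behavioural and code-analysis stages follow rather than stopping here.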