Malware analysis

Fast and thorough examination of malicious programs

Behavioural analysis

Static analysis

Dynamic analysis

OUR RECOMMENDATION return to the list of services

Value

Malware analysis by BI.ZONE alleviates you from spending resources on maintaining a team of specialists and purchasing expensive tools for infrequent occurences.

Detailed malware research enriches the internal threat intelligence and helps you properly configure their protection.

Our reports describing the functionality of the malware can be used for further investigations and as evidence for getting reimbursed through lawsuits.

What can you do with the help of malware analysis

Determine the functions of a suspicious program, assess the nature and extent of the threat during infection.

Get indicators of compromise by which the threat can be detected and removed from the network.

Establish whether the attack is directed specifically at your company or is it part of a mass mailing (if possible, determine which cybercrime group the malware belongs to).

When a malicious program enters your infrastructure, your cybersecurity team needs to know as much as possible about the threat: how it works, how it hides and how it can be eradicated. This kind of intel requires an abundance of resources and specific expertise.

We have all it takes to get the job done: the tools, the knowledge bases and a team of seasoned experts with a lot of experience in malware analysis. We can provide all the information necessary for incident response. You will start to learn about the threat in a few hours after sending us the sample.

Our experience

  • We helped clients neutralise such threats as WannaCry, Lurk, Carbanak, RTM, Silence, Emotet.
  • Our specialists take part in court proceedings as cybercrime experts.
  • We constantly follow the latest trends in malware and share our knowledge with the public. We regularly give talks at conferences, publish research papers, and produce articles for the media.

1. Preliminary analysis
(~2 hrs after receiving the sample)

We collect statistics and sample program metadata. If possible, we determine the family to which the program belongs, and analyse the textual information. Thus, we can identify key facts about the threat as early as in the first stage of the analysis, and these include: the functions, the C&C server and the commands being executed.


2. Behavioural analysis
(~4 hrs after receiving the sample)

We run a malicious program in a managed environment and monitor its behaviour: what the program does with files, how it changes system settings, which processes it infects, and which server it communicates with. This procedure helps us identify indicators of compromise of infected systems and describe the characteristic signs of the program being present in the infrastructure.


3. Code analysis
(~2 days after receiving the sample)

We carry out reverse engineering using static and dynamic code analysis methods. As a result, we can accurately describe the algorithm of the malicious program and identify all its functions — including the hidden ones.

Order

Reasonable and appropriate measures are taken to ensure that your personal data is protected from unauthorized access or modification, unlawful destruction, and improper use. No information provided by you will be made available to third parties. Personal data will be held only for as long as is necessary for the purpose for which it is provided and, in any event, will only be kept for 24 months after any application you have made has been completed. By submitting your personal information, you consent to the use of your information as set out in this statement.