GitHub: pshirolk3012/malware-analysis-reverse-engineering
# Malware Analysis & Reverse Engineering
## Overview
This project analyzes Windows malware samples in an isolated analysis VM using static analysis, dynamic analysis, reverse engineering, registry monitoring, process inspection, and behavioral analysis techniques.
The objective was to characterize each sample, extract indicators of compromise, record the system changes it makes, analyze its embedded resources, and document the observed behavior in a structured investigation report.
## Security Focus
- Malware analysis
- Static analysis
- Dynamic analysis
- Reverse engineering
- PE file analysis
- Registry analysis
- Process analysis
- Network indicator review
- Malware behavior documentation
## Tools & Technologies
- VirusTotal
- PEiD
- PEview
- CFF Explorer
- Resource Hacker
- Dependency Walker
- Strings
- Regshot
- Process Explorer
- OllyDbg
- Ghidra
- Windows XP Analysis VM
## Key Activities
- Performed static analysis to inspect PE headers, sections, imports, strings, and embedded resources.
- Used VirusTotal to review detection results, contacted URLs, domains, IP addresses, hashes, and malware classification.
- Identified whether samples were packed using PEiD and file structure analysis.
- Extracted embedded executables and other resources with Resource Hacker, and inspected the imported DLLs and functions of the extracted binaries with Dependency Walker.
- Performed registry comparison using Regshot to identify malware-created registry changes and service persistence.
- Observed process behavior using Process Explorer, including service execution and process hosting activity.
- Used OllyDbg and Ghidra to trace memory buffers, function behavior, XOR decoding loops, and the routines that load and unpack embedded resources.
- Documented malware behavior including downloader activity, service installation, suspicious network communication, and keylogging-related behavior.
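The static-analysis steps above (walking the PE headers and section table, checking for packing, pulling strings, and recovering a single-byte XOR-encoded resource like the loops seen in the debugger) as one added Python example. This is not code from the repository; the PE image it parses, the `UPX1` section, and the `SAMPLE_KEY` / `HIDDEN_URL` values are all constructed here for the demonstration and are not real indicators.

```python
import hashlib
import math
import re
import struct
from collections import Counter

STANDARD_SECTIONS = {".text", ".data", ".rdata", ".rsrc", ".reloc", ".idata", ".edata", ".bss", ".tls"}
SCN_MEM_EXECUTE, SCN_MEM_WRITE = 0x20000000, 0x80000000
SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 for compressed/encrypted data, well below 7 for plain code/data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_pe(blob: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", blob, opt_off)[0]
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic %#x" % magic)
    entry = struct.unpack_from("<I", blob, opt_off + 16)[0]  # AddressOfEntryPoint (RVA)
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            SECTION_FMT, blob, opt_off + opt_size + 40 * i)
        data = blob[rawptr:rawptr + rawsize]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "va": va,
                         "vsize": vsize, "raw_size": rawsize, "characteristics": chars,
                         "entropy": shannon_entropy(data), "data": data})
    return {"machine": machine, "magic": magic, "entry_point": entry, "sections": sections}


def packing_indicators(pe: dict) -> list:
    """Cheap packer heuristics that complement a PEiD signature hit."""
    findings = []
    for s in pe["sections"]:
        if s["name"] not in STANDARD_SECTIONS:
            findings.append("non-standard section name %r" % s["name"])
        if s["entropy"] > 7.0:
            findings.append("high entropy %.2f in %s" % (s["entropy"], s["name"]))
        if s["characteristics"] & SCN_MEM_EXECUTE and s["characteristics"] & SCN_MEM_WRITE:
            findings.append("writable+executable section %s" % s["name"])
        if s["raw_size"] == 0 and s["vsize"] > 0:  # filled at runtime by an unpacking stub
            findings.append("section %s has no raw data but %d virtual bytes" % (s["name"], s["vsize"]))
    ep = pe["entry_point"]
    ep_sec = next((s for s in pe["sections"] if s["va"] <= ep < s["va"] + max(s["vsize"], s["raw_size"])), None)
    if ep_sec is None or ep_sec["name"] != ".text":
        findings.append("entry point %#x outside .text (in %s)" % (ep, ep_sec["name"] if ep_sec else "no section"))
    return findings


def extract_strings(data: bytes, min_len: int = 5) -> list:
    """Equivalent of `strings` for printable ASCII runs."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def brute_xor(data: bytes, marker: bytes = b"http") -> tuple:
    """Try all 256 single-byte keys; return (key, plaintext) once the marker appears, else (None, None)."""
    for key in range(256):
        plain = xor_bytes(data, key)
        if marker in plain:
            return key, plain
    return None, None


# --- constructed sample: PE32 with a clean .text, a packed-looking UPX1 that owns the entry point, and a .rsrc
HIDDEN_URL = b"http://example.invalid/update.exe"  # constructed indicator, not a real one
SAMPLE_KEY = 0x5A  # constructed key


def build_pe(sections: list) -> bytes:
    """Assemble a minimal PE32 from (name, data, characteristics) triples (constructed, not a real sample)."""
    e_lfanew, align, opt_size = 0x80, 0x200, 0xE0
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)  # i386, EXECUTABLE_IMAGE|32BIT
    # Magic, linker version, SizeOfCode, SizeOfInitData, SizeOfUninitData, AddressOfEntryPoint, BaseOfCode, BaseOfData
    opt = struct.pack("<HBBIIIIII", 0x10B, 14, 0, 0, 0, 0, 0x2000, 0x1000, 0x3000).ljust(opt_size, b"\0")
    first_raw = (e_lfanew + 24 + opt_size + 40 * len(sections) + align - 1) // align * align
    headers, bodies, raw_ptr, va = [], b"", first_raw, 0x1000
    for name, data, chars in sections:
        raw_size = (len(data) + align - 1) // align * align
        headers.append(struct.pack(SECTION_FMT, name.encode().ljust(8, b"\0"), len(data), va, raw_size, raw_ptr, 0, 0, 0, 0, chars))
        bodies += data.ljust(raw_size, b"\0")
        raw_ptr, va = raw_ptr + raw_size, va + 0x1000
    return (dos + b"PE\0\0" + coff + opt + b"".join(headers)).ljust(first_raw, b"\0") + bodies


def sample_pe() -> bytes:
    text = b"\x55\x8b\xec" + b"\0".join([b"kernel32.dll", b"FindResourceA", b"LoadResource", b"advapi32.dll", b"CreateServiceA"]) + b"\0"
    packed = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))  # deterministic high-entropy filler
    rsrc = xor_bytes(HIDDEN_URL, SAMPLE_KEY)
    return build_pe([(".text", text, 0x60000020), ("UPX1", packed, 0xE0000020), (".rsrc", rsrc, 0x40000040)])


if __name__ == "__main__":
    pe = parse_pe(sample_pe())
    for s in pe["sections"]:
        print("%-8s va=%#07x raw=%5d entropy=%.2f" % (s["name"], s["va"], s["raw_size"], s["entropy"]))
    print("packing indicators:", packing_indicators(pe))
    print("strings in .text:", extract_strings(pe["sections"][0]["data"]))
    key, plain = brute_xor(pe["sections"][2]["data"])
    print("xor key %#x ->" % key, plain.rstrip(bytes([key])))
```

The entropy threshold, the section-name whitelist and the entry-point check are heuristics, not proof of packing: a sample can carry high-entropy certificate or resource data, and a packer can keep standard section names. Treat a hit as a reason to run PEiD and to watch the unpacking stub in the debugger, not as a classification on its own. On a real sample, read the file with `open(path, "rb").read()` in place of `sample_pe()`.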