Quick malware analysis during incidents
http://kingofdkingz99.blogspot.com/2012/11/quick-malware-analysis-during-incidents.html
During security incidents caused by malware infections, it is necessary to act fast, identify the malware's behavior and take action. However, analyzing malware can take time, especially considering that antiviruses cannot detect new, well-crafted malware.
To quickly analyze a suspicious file, determine whether or not it is malware, and understand its behavior, the following quick actions can be taken:

1- Upload the file to VirusTotal

Virustotal.com will check whether the file is detected by any of the antiviruses other than the one installed. In this case the antivirus vendor can be contacted to produce a signature for the malware.
Both sites will analyze the file's behavior and indicate whether or not it is malware. Comparing results

Also, the analysis will help in taking the necessary actions, such as removing the virus, blocking access to its C&C, producing an IDS/IPS signature, etc.
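As an added example (not code from the original post), the script below shows the VirusTotal step as an incident responder would script it: hash the suspicious file locally, look the hash up before uploading anything (a hash lookup leaks nothing, while an upload may expose a document that contains sensitive data), and reduce the report to the facts needed for the actions above, namely how many engines flag the file, what they call it, and a verdict. The lookup uses the VirusTotal v3 API (assumed: `GET https://www.virustotal.com/api/v3/files/<sha256>` with an `x-apikey` header), which is newer than the API that existed when the post was written. The report it parses is a constructed sample, so the script runs offline; the verdict thresholds are this example's own, not VirusTotal's.

```python
"""Quick VirusTotal triage of a suspicious file by hash.

Added example, not the post's own code. Assumes the VirusTotal v3 API
(GET https://www.virustotal.com/api/v3/files/<sha256>, header x-apikey).
The report below is a constructed sample so the parsing runs offline.
"""
import hashlib
import json
import os
import urllib.error
import urllib.request
from typing import Optional

VT_FILES_URL = "https://www.virustotal.com/api/v3/files/"  # assumed v3 endpoint


def sha256_of_bytes(data: bytes) -> str:
    """SHA-256 hex digest of the file contents; the key used for the lookup."""
    return hashlib.sha256(data).hexdigest()


def build_lookup_request(sha256: str, api_key: str) -> urllib.request.Request:
    """Build the hash-lookup request. Looking up a hash reveals nothing about
    the file's content, unlike uploading it."""
    return urllib.request.Request(VT_FILES_URL + sha256, headers={"x-apikey": api_key})


def lookup_hash(sha256: str, api_key: str) -> Optional[dict]:
    """Query VirusTotal. Returns the parsed report, or None when the hash is
    unknown (HTTP 404), which is when an upload or sandbox run is worth considering."""
    req = build_lookup_request(sha256, api_key)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as e:
        if e.code == 404:
            return None
        raise


def verdict(malicious: int, suspicious: int) -> str:
    """Thresholds are this example's own. 'undetected' is not proof the file is
    clean: new, well-crafted malware is exactly what antiviruses miss."""
    if malicious >= 3:
        return "likely-malicious"
    if malicious + suspicious >= 1:
        return "suspicious"
    return "undetected"


def summarize_report(report: dict) -> dict:
    """Reduce a v3 file report to what the responder acts on: counts, the
    detection names (useful when asking the AV vendor for a signature), and a verdict."""
    attrs = report["data"]["attributes"]
    results = attrs.get("last_analysis_results", {})
    stats = attrs.get("last_analysis_stats", {})
    detections = sorted(
        (name, r.get("result") or "")
        for name, r in results.items()
        if r.get("category") == "malicious"
    )
    malicious = stats.get("malicious", len(detections))
    suspicious = stats.get("suspicious", 0)
    return {
        "sha256": report["data"]["id"],
        "engines": len(results),
        "malicious": malicious,
        "suspicious": suspicious,
        "detections": detections,
        "verdict": verdict(malicious, suspicious),
    }


# Constructed sample report in the shape of a v3 file object (engine names and
# detection names are made up for this example).
SAMPLE_REPORT = {
    "data": {
        "type": "file",
        "id": "ab" * 32,
        "attributes": {
            "last_analysis_stats": {"harmless": 0, "malicious": 3, "suspicious": 1, "undetected": 2},
            "last_analysis_results": {
                "EngineA": {"category": "malicious", "engine_name": "EngineA", "result": "Trojan.Generic.Example"},
                "EngineB": {"category": "malicious", "engine_name": "EngineB", "result": "Win32.Agent.Example"},
                "EngineC": {"category": "malicious", "engine_name": "EngineC", "result": "Malware.Heuristic"},
                "EngineD": {"category": "suspicious", "engine_name": "EngineD", "result": "Suspicious.Packed"},
                "EngineE": {"category": "undetected", "engine_name": "EngineE", "result": None},
                "EngineF": {"category": "undetected", "engine_name": "EngineF", "result": None},
            },
        },
    }
}


if __name__ == "__main__":
    summary = summarize_report(SAMPLE_REPORT)  # offline run on the constructed sample
    print(json.dumps(summary, indent=2))
    api_key = os.environ.get("VT_API_KEY")  # hypothetical env var for a real lookup
    if api_key:
        print(lookup_hash(sha256_of_bytes(b"constructed file content"), api_key))
```

In practice the verdict decides the next step: a high detection count justifies containment (removing the file, blocking the C&C, writing the IDS/IPS signature), while an unknown hash or a handful of detections calls for the behavioral analysis the post describes next.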
These two actions are very simple, but when there is no time or no tools in place, remember that these actions will be the last resort.