Mass Malware Analysis: A Do-It-Yourself Kit

2009/10/14
Theory, practice and a construction manual for an automated analysis station for malware using trivial and free instruments.


Publication Date

October 14th, 2009

Author

Christian Wojner

Language

English

History

You can download the full document in PDF format here.


Content

This paper outlines the relevant steps for building a customizable, automated malware analysis station using only freely available components, with the exception of the target OS (Windows XP) itself. A special focus lies on handling a huge number of malware samples and on the actual implementation at CERT.at. The primary goal is that the reader of this paper should be able to build her own specific installation and configuration while remaining free to decide which components to use.

The first part of this document covers the theoretical, strategic and methodological aspects. The second part focuses on the practical aspects by diving into CERT.at's automated malware analysis station, closing with an easy-to-follow, step-by-step tutorial on how to build CERT.at's implementation for your own use. So feel free to skip parts.