Malware Discovery - Coggle Diagram

Malware Discovery
  - YARA
      Technique used: patterns & rules
      Goals: identify & classify malware
      Tools: yara64.exe
  - Sigcheck
      Goals: check for a digital signature
      Techniques used: scan code signing; integrate with VirusTotal (VT)
      Tools: sigcheck
  - pescan
      Goals: scan PE files & detect anomalies
      Techniques used: anomaly detection, based on a score (focus on the higher scores)
      Tools: pescan
  - DensityScout
      Goals: detect obfuscation (packing / encryption)
      Techniques used: scan & calculate density (focus on files with a density of less than 0.1)
      Tools: densityscout
  - Suspicious File Indicator Formula
      Poor Density Score + No Digital Signature + Anomalous Behavior - Known Goods