Table of Contents for

Practical Malware Analysis

V

value entry, in registry, Common Registry Functions

variables, global vs. local, Recognizing C Code Constructs in Assembly

VERA (Visualizing Executables for Reversing and Analysis), Tools for Malware Analysis

victim information, malware gathering of, Detailed Analysis

viewing processes, with Process Explorer, Viewing Processes with Process Explorer

virtual addresses, automatically naming, Enhancing Disassembly

virtual function tables, Virtual vs. Nonvirtual Functions, Use of Vtables, Detailed Analysis

recognizing, Use of Vtables

virtual functions, vs. nonvirtual, Inheritance and Function Overriding

virtual machine team, Setting Up Host-Only Networking

virtual machines, Malware Analysis in Virtual Machines, Malware Analysis in Virtual Machines, Configuring VMware, Setting Up Host-Only Networking, Connecting and Disconnecting Peripheral Devices, Taking Snapshots, Sandbox Drawbacks, Monitoring with Process Monitor, Setting Up Kernel Debugging, OPSEC = Operations Security, Anti-Virtual Machine Techniques, Tweaking Settings, Examining the Hook in OllyDbg, Short Answers

(see also anti-virtual machine (anti-VM) techniques)

crashing from procmon, Monitoring with Process Monitor

disconnecting network, Configuring VMware

escaping, Tweaking Settings

hiding precise location, OPSEC = Operations Security

malware detection on, Sandbox Drawbacks

malware efforts to detect, Anti-Virtual Machine Techniques, Short Answers

option to boot debugger-enabled version of OS, Setting Up Kernel Debugging

setting up, Examining the Hook in OllyDbg

structure, Malware Analysis in Virtual Machines

taking snapshots, Connecting and Disconnecting Peripheral Devices

transferring files from, Taking Snapshots

using multiple, Setting Up Host-Only Networking

virtual networking, Configuring VMware, Basic Dynamic Tools in Practice

Virtual Size, Examining PE Files with PEview

VirtualAlloc function, Software Breakpoints, Detailed Analysis

Poison Ivy use of, Software Breakpoints

VirtualAllocEx function, Launchers, DLL Injection, DLL Injection, DLL Injection, NOP Sleds, Important Windows Functions, Summary, Detailed Analysis, Detailed Analysis

and direct injection, DLL Injection

and process injection, Launchers

VirtualProtectEx function, Important Windows Functions

VirtualSize field, in PE header, PE Header Vulnerabilities

virus, Types of Malware, Common Exceptions

language setting and, Common Exceptions

VirusTotal, Antivirus Scanning: A Useful First Step, Tools for Malware Analysis, Short Answers, Detailed Analysis

Visualizing Executables for Reversing and Analysis (VERA), Tools for Malware Analysis

VMcat, Tweaking Settings

VMchat, Tweaking Settings

VMdrag-n-hack, Tweaking Settings

VMdrag-n-sploit, Tweaking Settings

VMftp, Tweaking Settings

VMware, Malware Analysis in Virtual Machines, The Structure of a Virtual Machine, The Structure of a Virtual Machine, Using Your Malware Analysis Machine, Connecting and Disconnecting Peripheral Devices, Taking Snapshots, The Risks of Using VMware for Malware Analysis, The Risks of Using VMware for Malware Analysis, Single-Stepping, Drivers and Kernel Code, Setting Up Kernel Debugging, Anti-Virtual Machine Techniques, Using ScoopyNG

artifacts, Anti-Virtual Machine Techniques

configuring, The Structure of a Virtual Machine

configuring to create virtual connection with host OS, Setting Up Kernel Debugging

disk space use, The Structure of a Virtual Machine

kernel debugging setup, Drivers and Kernel Code

movie-capture feature, The Risks of Using VMware for Malware Analysis

Network Address Translation (NAT) mode, Using Your Malware Analysis Machine

record/replay, The Risks of Using VMware for Malware Analysis, Single-Stepping

risks of using for malware analysis, Taking Snapshots

settings to avoid detection, Using ScoopyNG

Snapshot Manager, Connecting and Disconnecting Peripheral Devices

VMware Player, Malware Analysis in Virtual Machines

VMware Tools, The Structure of a Virtual Machine, VMware Artifacts

installing, The Structure of a Virtual Machine

stopping service, VMware Artifacts

VMware Workstation, Malware Analysis in Virtual Machines, Tools for Malware Analysis

VMwareService.exe, Anti-Virtual Machine Techniques

VMwareTray.exe, Anti-Virtual Machine Techniques

VMwareUser.exe, Anti-Virtual Machine Techniques

.vmx file, Using ScoopyNG

Volatility Framework, Tools for Malware Analysis

Von Neumann architecture, Reverse-Engineering

vtables, Virtual vs. Nonvirtual Functions, Use of Vtables

recognizing, Use of Vtables