MA Record 1,2

The document outlines a two-week training program focused on file analysis techniques, including metadata extraction using ExifTool, file header analysis with Detect It Easy (DiE), and file size/hash analysis. It also covers setting up a sandbox environment for malware analysis and using VirusTotal for evaluating malicious files. Key steps include installing necessary tools, analyzing file properties, and safely handling malware samples in a controlled environment.

Uploaded by sunilyadhav201


WEEK-1

a) File Metadata Analysis using ExifTool: Extracting metadata from files to understand their properties

Objective: Learn to extract metadata from different file types using ExifTool.
Requirements: Kali Linux or any other Linux distribution; Internet access to download tools.
Step-1: Install ExifTool

1. From the repository: sudo apt-get install exiftool (Debian/Kali package names are lowercase).

Step-2: Extract metadata from an image file.

1. Run ExifTool: exiftool image.jpg

2. Analyze the output: check for creation date, camera model, GPS coordinates, etc.

Step-3: Extract metadata from a document file.

1. Run ExifTool: exiftool document.docx

2. Analyze the output: look for creator name, creation date, software version, etc.
Output:
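As an added example (not part of the original record), the following script consumes ExifTool's JSON output (exiftool -j) and pulls out exactly the fields the two steps above ask for; the embedded JSON is a constructed stand-in for real exiftool output, and run_exiftool is a helper assumed here that needs exiftool installed.

```python
import json
import re
import subprocess

# Constructed stand-in for `exiftool -j image.jpg` output (not from a real file):
# exiftool -j prints a JSON array with one object per input file.
SAMPLE_EXIFTOOL_JSON = """[{
  "SourceFile": "image.jpg",
  "Model": "Canon EOS 80D",
  "CreateDate": "2023:06:14 09:12:33",
  "Software": "Adobe Photoshop 24.0",
  "GPSLatitude": "51 deg 30' 26.46\\" N",
  "GPSLongitude": "0 deg 7' 39.93\\" W"
}]"""

# exiftool's default (non -n) coordinate format looks like: 51 deg 30' 26.46" N
DMS_RE = re.compile(r"(\d+) deg (\d+)' ([\d.]+)\" ([NSEW])")

def dms_to_decimal(value):
    """Convert a degrees/minutes/seconds string to signed decimal degrees."""
    m = DMS_RE.fullmatch(value.strip())
    if not m:
        raise ValueError("unrecognised coordinate: %r" % value)
    deg, minutes, seconds, hemi = m.groups()
    dec = int(deg) + int(minutes) / 60 + float(seconds) / 3600
    return -dec if hemi in "SW" else dec

def triage(records):
    """Pick out the fields the exercise says to check, one dict per file."""
    report = []
    for rec in records:
        entry = {"file": rec.get("SourceFile"),
                 "created": rec.get("CreateDate"),
                 "device": rec.get("Model"),
                 "software": rec.get("Software"),
                 "creator": rec.get("Creator") or rec.get("Author"),   # DOCX/PDF fields
                 "gps": None}
        if "GPSLatitude" in rec and "GPSLongitude" in rec:
            entry["gps"] = (dms_to_decimal(rec["GPSLatitude"]),
                            dms_to_decimal(rec["GPSLongitude"]))
        report.append(entry)
    return report

def run_exiftool(*paths):
    """Run the real tool with JSON output and triage the result (needs exiftool installed)."""
    proc = subprocess.run(["exiftool", "-j", *paths], capture_output=True, text=True, check=True)
    return triage(json.loads(proc.stdout))

REPORT = triage(json.loads(SAMPLE_EXIFTOOL_JSON))   # triage of the constructed sample
```

A non-empty "gps" entry on an image, or an unexpected "creator" on a document, is the kind of property the analysis step is meant to surface.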
b) File Header Analysis using DiE (Detect It Easy): Examining the header and determining the types of files

Objective: To analyze the header of a file to determine its type using Detect It Easy (DiE), a tool that helps identify file formats by examining their headers and metadata.

Step-1: Download DiE from its official website - https://www.detect-it-easy.com


Step-2: Once downloaded, launch DiE by double-clicking the executable file.
Step-3: Click the Open button and select the file you want to analyze.

Step-4: Once the file is loaded, DiE displays various information about the file.

c) File Size and Hash Analysis: Checking the file using its size properties and computing hash values for the file.

1. Create the Shell Script:
   - Open a text editor and create a file named `infect.sh`.
   - Add the following content:
     #!/bin/bash
     # Concatenate a benign text file and an executable to build the test sample
     cat sample.txt malware.exe > infected_sample.txt
2. Make the Script Executable:
   - Open a terminal.
   - Navigate to the directory containing `infect.sh`.
   - Make the script executable:
     chmod +x infect.sh
3. Run the Script:
   - Execute the script to create the infected file:
     ./infect.sh
Analyzing the Infected File:
After running the script, `infected_sample.txt` will be created, combining `sample.txt` and `malware.exe`.
File Size Analysis:
- Linux/Mac:
  ls -lh infected_sample.txt
Hash Values:
- Linux/Mac (on macOS the equivalents are `md5` and `shasum -a 256`):
  md5sum infected_sample.txt
  sha256sum infected_sample.txt
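The header check from part (b) and the size/hash check from part (c) combined in one added example (not from the original record, and not DiE's own code): it identifies a file by its magic bytes rather than its extension, reports size and hashes, and walks the file for an MZ/PE header that is not at offset 0, which is precisely what the infect.sh exercise produces. The "malware.exe" here is a constructed, non-runnable MZ/PE stub, not a real sample.

```python
import hashlib
import struct

# Magic numbers at offset 0. DiE does this far more thoroughly; this shows the
# idea for a few formats the exercises mention (PE is handled separately below).
SIGNATURES = [(b"\xFF\xD8\xFF", "JPEG image"),
              (b"%PDF-", "PDF document"),
              (b"PK\x03\x04", "ZIP archive (also DOCX/XLSX/JAR)"),
              (b"\x7fELF", "ELF executable")]

def is_pe(data, offset=0):
    """True if an MZ header at `offset` points at a valid 'PE\\0\\0' signature."""
    if data[offset:offset + 2] != b"MZ" or len(data) < offset + 0x40:
        return False
    e_lfanew = struct.unpack_from("<I", data, offset + 0x3C)[0]
    pos = offset + e_lfanew
    return data[pos:pos + 4] == b"PE\x00\x00"

def identify(data):
    """Classify a blob by its header bytes, ignoring whatever extension it carries."""
    if is_pe(data):
        return "PE executable (Windows)"
    for magic, label in SIGNATURES:
        if data.startswith(magic):
            return label
    return "unknown / plain data"

def find_embedded_pe(data):
    """Offsets of valid MZ/PE headers past offset 0 (an EXE glued onto another file)."""
    hits, pos = [], data.find(b"MZ", 1)
    while pos != -1:
        if is_pe(data, pos):
            hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def analyze(data):
    """Size, hashes and header verdict: the ls/md5sum/sha256sum/DiE steps in one call."""
    return {"size": len(data),
            "md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest(),
            "type": identify(data),
            "embedded_pe_at": find_embedded_pe(data)}

# Constructed minimal MZ/PE stub (not a runnable program) standing in for malware.exe.
_hdr = bytearray(b"MZ" + b"\x00" * 0x3E)
struct.pack_into("<I", _hdr, 0x3C, 0x40)          # e_lfanew: PE signature lives at 0x40
FAKE_PE = bytes(_hdr) + b"PE\x00\x00" + b"\x00" * 16
SAMPLE_TXT = b"This is a harmless text file.\n"   # constructed sample.txt
INFECTED = SAMPLE_TXT + FAKE_PE   # what `cat sample.txt malware.exe > infected_sample.txt` yields
```

Note that identify(INFECTED) still says "plain data" because the first bytes are text; only the embedded-header scan reveals the appended executable, which is why a header check at offset 0 alone is not enough.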
WEEK-2

Configure a sandbox environment like Cuckoo Sandbox or REMnux for malware sample analysis in a controlled environment.

Step-1: A malware sample was safely obtained from the MalwareBazaar platform.
Step-2: The sample was handled inside a virtual machine (Kali Linux) to ensure isolation and prevent any impact on the host system.
Step-3: DiE was downloaded from its official website and installed in Kali Linux.
Step-4: The downloaded archive (usually a ZIP) was extracted inside the isolated VM. The DiE GUI was opened by executing its binary. The malware file was dragged and dropped into the DiE window for analysis.
Step-5: The Scan button was clicked. After scanning, advanced scan checks were also selected to get more detailed information. The File Info section was opened, which displayed detailed metadata such as the file type, compiler used, packer (if any), and potential indicators of obfuscation.
Malicious file analysis using VirusTotal: Uploading the malicious file to VirusTotal and analysing the results for potential malware.
Step 1: Go to MalwareBazaar
- Open your browser and go to: https://bazaar.abuse.ch
- You can either:
  o Search for a malware type (e.g., Formbook, AgentTesla, exe, doc)
  o Or click "Recent Uploads" to view the latest samples

Step 2: Download a Malware Sample
3. Once you find a sample, click on its SHA256 hash to open the detail page.
4. Scroll down and click on:
   Download Sample (.zip) – it will be a password-protected ZIP file
5. Enter the password to unzip:
   infected (universal MalwareBazaar password)
Do not open or run the file. Only use tools to inspect or hash the file.

Step 3: Analyze with VirusTotal
6. Go to:
   https://www.virustotal.com
7. Log in (or sign up) for full features.
8. Click "Choose file" and upload the malware sample (extracted .exe or .doc, NOT the ZIP).
9. VirusTotal will:
   o Scan with ~70 antivirus engines
   o Show detection ratio
   o Show file behavior (if dynamic analysis is available)
   o List contacted domains/IPs
   o Extract metadata (e.g., PE headers, compile time)
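An added example (not from the original record) that does Step 3 programmatically instead of through the web form: it hashes the extracted sample, looks the hash up with the VirusTotal v3 API (GET /api/v3/files/{sha256}, authenticated with the x-apikey header) so a sample already known to VirusTotal need not be uploaded again, and reduces the report to the detection ratio and the engines that flagged it. The embedded report is a constructed, abbreviated response in the v3 shape, and api_key is assumed to be a key from your own VirusTotal account.

```python
import hashlib
import json
import urllib.error
import urllib.request

VT_FILES = "https://www.virustotal.com/api/v3/files/"

def sha256_of(path):
    """Hash the extracted sample (not the ZIP) so it can be looked up before uploading."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def lookup_report(sha256, api_key):
    """GET /api/v3/files/{hash}; returns the parsed report, or None if VT has never seen it."""
    req = urllib.request.Request(VT_FILES + sha256, headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise

def summarize(report):
    """Reduce a v3 file report to the detection ratio and the engines that flagged it."""
    attrs = report["data"]["attributes"]
    stats = attrs["last_analysis_stats"]
    total = sum(stats.get(k, 0) for k in ("malicious", "suspicious", "undetected", "harmless"))
    results = attrs.get("last_analysis_results", {})
    hits = sorted((eng, r["result"]) for eng, r in results.items() if r["category"] == "malicious")
    return {"sha256": attrs.get("sha256"),
            "type": attrs.get("type_description"),
            "ratio": "%d/%d" % (stats.get("malicious", 0), total),
            "hits": hits}

# Constructed, abbreviated report in the v3 response shape (not a real VirusTotal result).
SAMPLE_REPORT = json.loads("""{"data": {"attributes": {
  "sha256": "<sha256-of-sample-placeholder>",
  "type_description": "Win32 EXE",
  "last_analysis_stats": {"malicious": 2, "suspicious": 0, "undetected": 1, "harmless": 0},
  "last_analysis_results": {
    "EngineA": {"category": "malicious", "result": "Trojan.Generic"},
    "EngineB": {"category": "malicious", "result": "Malware.Heur"},
    "EngineC": {"category": "undetected", "result": null}}}}}""")
```

Typical use is summarize(lookup_report(sha256_of("sample.exe"), api_key)), falling back to a manual upload only when lookup_report returns None.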
