These malware analysis reports were produced as part of the Malware Analysis course at Sapienza University of Rome. The purpose of these projects is to examine packed Windows malware samples, reverse engineer their behavior, and identify their core capabilities using advanced static and dynamic analysis techniques.
A primary focus of these analyses is manual unpacking and the analysis of the shellcode injection mechanisms that malware commonly uses to evade detection.
Across these reports, the analysis process systematically includes:
Triage & Packer Identification: inspecting PE structures, file entropy, and identifying packers used to hinder static analysis.
Manual Unpacking: debugging packed samples to locate the Original Entry Point (OEP), dumping the unpacked executable from memory, and reconstructing the Import Address Table (IAT) using Scylla.
Reverse Engineering: deep-diving into relevant subroutines using IDA to map execution flow and logic.
Anti-Analysis & Defense Evasion: analyzing environment checks, anti-debugging tricks, anti-VM techniques, and runtime string deobfuscation.
Injection & Payload Analysis: tracking shellcode injection techniques, extracting raw payloads, and analyzing them.
Behavioral & Network Analysis: monitoring network activity, identifying Command-and-Control (C2) communication, and mapping persistence mechanisms.
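The triage step above (PE structure, section entropy, packer hints) can be automated with a small script. The following is an added example written for this summary, not code from the course reports; it uses only the Python standard library, parses the DOS/COFF/section headers directly rather than relying on pefile, and runs against a constructed, non-executable PE image built inside the script. The set of packer-style section names and the 7.0 bits/byte entropy threshold are assumptions chosen for illustration.

```python
"""Packer triage for PE files: per-section entropy, suspicious characteristics
and packer-style section names. Standard library only; headers are parsed by hand."""
import math
import random
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
HIGH_ENTROPY = 7.0  # bits/byte; compressed or encrypted data sits close to 8.0 (assumed threshold)
# Section names frequently left behind by packers (assumed, non-exhaustive list).
PACKER_SECTION_HINTS = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".themida", ".vmp0", ".vmp1"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant input, at most 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]       # NumberOfSections
    opt_header_size = struct.unpack_from("<H", pe, coff + 16)[0]   # SizeOfOptionalHeader
    table = coff + 20 + opt_header_size                            # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + i * 40                                        # IMAGE_SECTION_HEADER is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", pe, off + 8)
        chars = struct.unpack_from("<I", pe, off + 36)[0]
        raw = pe[rptr:rptr + rsize]
        sections.append({"name": name, "virtual_size": vsize, "raw_size": rsize,
                         "characteristics": chars, "entropy": shannon_entropy(raw)})
    return sections


def triage(pe: bytes) -> dict:
    """Map section name -> list of reasons it looks packed; any hit suggests manual unpacking."""
    findings = {}
    for s in parse_sections(pe):
        reasons = []
        if s["entropy"] > HIGH_ENTROPY:
            reasons.append("high entropy (packed or encrypted data)")
        if s["characteristics"] & IMAGE_SCN_MEM_EXECUTE and s["characteristics"] & IMAGE_SCN_MEM_WRITE:
            reasons.append("writable and executable (unpacking stub or self-modifying code)")
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            reasons.append("no raw data but non-zero virtual size (filled at runtime)")
        if s["name"] in PACKER_SECTION_HINTS:
            reasons.append("packer-style section name")
        if reasons:
            findings[s["name"]] = reasons
    return findings


def build_test_pe(specs) -> bytes:
    """Construct a minimal, non-executable PE image from (name, raw bytes, characteristics,
    virtual_size) tuples. This is constructed test input, not a real sample."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                          # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, 0, 0x0102)     # no optional header
    raw_ptr = 64 + 4 + 20 + 40 * len(specs)                                   # raw data right after headers
    table, blobs = b"", b""
    for name, data, chars, vsize in specs:
        table += name.encode().ljust(8, b"\0")[:8]
        table += struct.pack("<IIIIIIHHI", vsize, 0x1000, len(data), raw_ptr, 0, 0, 0, 0, chars)
        blobs += data
        raw_ptr += len(data)
    return dos + b"PE\0\0" + coff + table + blobs


RO_CODE = 0x60000020  # CODE | EXECUTE | READ
RWX = 0xE0000020      # CODE | EXECUTE | READ | WRITE
_rng = random.Random(7)
SAMPLE_PE = build_test_pe([
    (".text", bytes(range(16)) * 512, RO_CODE, 8192),                        # low-entropy, code-like data
    ("UPX0", b"", RWX, 0x20000),                                             # unpack destination, no raw data
    ("UPX1", bytes(_rng.getrandbits(8) for _ in range(4096)), RWX, 4096),    # high-entropy payload + stub
])

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_PE).items():
        print(f"{name}: " + "; ".join(reasons))
```

Run it on a real file with `triage(open(path, "rb").read())`. The per-section view matters more than a whole-file entropy figure: a packed binary typically shows one small, low-entropy stub section next to one near-8.0 section, and a zero-raw-size section with a large virtual size is the region the stub will write the unpacked image into, which is exactly where a breakpoint for locating the OEP is worth placing.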
The reports reveal various malicious capabilities including dynamic API resolution, registry-based persistence, local network scanning, and process injection.
For detailed descriptions of the methodologies, technical findings, and indicators of compromise (IOCs), you can access the full repository below:
All resources in this repository are for educational purposes only. Use the provided material responsibly and only in environments where you have explicit permission to test. Unauthorized hacking is illegal and unethical.