Course Title: Malware Analysis
Course Code: 
Year Taught: 
Postgraduate (PG)
School of Engineering
Cyber Security

"Malware Analysis" is an elective course offered in the Cyber Security Systems & Networks program at the School of Engineering, Amrita Vishwa Vidyapeetham, Amritapuri.

Introduction to Malware; Basic Static and Dynamic Analysis; Overview of the Windows File Format, PEView.exe, Patching Binaries, Disassembly (objdump, IDA Pro); Introduction to IDA; Introduction to Reverse Engineering; Extended Reverse Engineering using GDB and IDA; Advanced Dynamic Analysis: Debugging Tools and Concepts; Malware Behavior: Malicious Activities and Techniques; Analyzing Windows Programs: WinAPI, Handles, Networking, COM; Data Encoding; Malware Countermeasures; Covert Launching and Execution; Anti-Analysis: Anti-Disassembly, Anti-VM, Anti-Debugging; Packers: Packing and Unpacking; Introduction to the Kernel: Kernel Basics, Windows Kernel API, Windows Drivers, Kernel Debugging; Rootkit Techniques: Hooking, Patching, Kernel Object Manipulation; Rootkit Anti-Forensics; Covert Analysis.

  1. Michael Sikorski and Andrew Honig, “Practical Malware Analysis”, No Starch Press, 2012.
  2. Jamie Butler and Greg Hoglund, “Rootkits: Subverting the Windows Kernel”, Addison-Wesley, 2005.
  3. Dang, Gazet and Bachaalany, “Practical Reverse Engineering”, Wiley, 2014.
  4. Reverend Bill Blunden, “The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System”, Second Edition, Jones & Bartlett, 2012.