UNIVERSITY OF CENTRAL FLORIDA

DEPARTMENT OF COMPUTER SCIENCE

CAP 4145 Introduction to Malware Analysis

Spring 2018

 

Instructor: Dr. Xinwen Fu

Office: TBD

Phone: 407-823-5337

E-Mail: xinwenfu@ucf.edu

Homepage: http://www.cs.ucf.edu/~xinwenfu/

Office Hours: TuTh 10:30AM ~ 11:45AM

 

Course Name: CAP 4145 Introduction to Malware Analysis

Credits: 3.00

Duration: Jan 8, 2018 - May 1, 2018

Time: TuTh 12:00PM - 1:15PM

Location: ENG1 427

TA: N/A

Email: N/A

 

COURSE DESCRIPTION

Introduction to using reverse engineering techniques to find and analyze the behavior of programs in binary form; assembly language, reverse engineering tools, and virtual machines.

 

COURSE PREREQUISITES

CIS 3360 Security in Computing - UCF CS

 

DESCRIPTION OF INSTRUCTIONAL METHODS

 

COURSE REQUIREMENTS

Recommended reading: Michael Sikorski and Andrew Honig, Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software, No Starch Press, 2012, ISBN-13: 978-1-59327-290-6

 

Class Attendance Policy

Students should attend the class in the classroom.

 

Cheating and Plagiarism Policy

All forms of academic dishonesty will result in an F for the course and notification of the Academic Dishonesty Committee.  Academic dishonesty includes (but is not limited to) plagiarism, copying answers or work done by another student (either on an exam or assignment), allowing another student to copy from you, and using unauthorized materials during an exam.

 

Make-up Exams

 

COURSE OBJECTIVES

·       Basic malware analysis

·       Advanced static analysis

·       Advanced dynamic analysis

·       Malware behavior

·       Anti-reverse engineering

·       Shell code analysis

 

EVALUATION PROCEDURES (tentative)

Components of Course Grade:

Assignments: 20%

Midterm Exam: 30%

Final Exam: 30%

Term Project: 20%

 

Grade Scale: A (4.00), A- (3.75), B+ (3.25), B (3.00), B- (2.75), C+ (2.25), C (2.00), C- (1.75), D+ (1.25), D (1.00), D- (0.75), F (0.00)

 

A     90 ~ 100
A-    85 ~ 89.9
B+    80 ~ 84.9
B     75 ~ 79.9
B-    70 ~ 74.9
C+    65 ~ 69.9
C     60 ~ 64.9
D     50 ~ 59.9
F     below 50

 

Homework Assignments

 

Exams

 

Projects

 

UNIVERSITY DEADLINES: Refer to Academic Calendar

 

EARLY ALERT STATEMENT

Academic Success Support

As your professor, I am personally committed to supporting YOUR academic success in this course.  For that reason, if you demonstrate any academic performance or behavioral problems which may impede your success, I will personally discuss and attempt to resolve the issue with you.  If the situation persists, I will forward my concern to the Student Development Office and your academic advisor to seek their support and assistance in the matter.  My goal is to make your learning experience in this course as meaningful and successful as possible.

 

Americans with Disabilities Act (ADA) Statement

 

TENTATIVE CLASS SCHEDULE

The schedule may be adjusted based on the actual progress in the semester. The instructor reserves the right to change the topics.

 

 

Module      Week    Topics                      Description

Module 1            Basic malware analysis

Module 2            Advanced static analysis

Module 3            Advanced dynamic analysis

Module 4            Malware behavior

Module 5            Anti-reverse engineering

Module 6            Shell code analysis

 

 

Tools

1.  Windows XP Mode
2.  VirtualBox
3.  LPE-DLX 1.4
4.  PEiD 0.95 (build 20081103)
5.  PEview
6.  Regshot
7.  Resource Hacker (ResHackerPortable)
8.  Strings (Sysinternals)
9.  Dependency Walker 2.2 (depends22_x86)
10. UPX 3.09 (Windows build) and UPX 3.94
11. md5deep
12. WinMD5Free
13. Hybrid Analysis (online sandbox)
14. sandbox.pikker.ee (online sandbox)
15. Process Monitor (procmon)
16. Process Explorer
17. ApateDNS (requires .NET Framework 3.5)
18. Netcat
19. INetSim
20. FakeNet
21. Microsoft Visual Studio 2005 Express Editions
22. MASM32 SDK 11
23. FileAlyzer 2.0
24. HxD
25. IDA Free (disassembler; version 7.0 no longer runs in Windows XP Mode)
26. radare2 (disassembler)
27. ImpREC
28. LordPE
29. Malcode Analyst Pack
30. OllyDbg
31. Sysinternals Suite
32. Visual Studio
33. WinDbg
34. Wireshark 1.10.14 (Win32 installer that runs on Windows XP); all Win32 versions
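Several of the tools above (md5deep, Strings, PEview, PEiD, Dependency Walker, UPX) each expose one facet of a Windows PE file during basic static analysis. The script below is an added example, not course material and not code from any of those tools: it parses a PE32 image directly (DOS header, PE signature, COFF and optional headers, section table, import directory), computes per-section Shannon entropy as a packer heuristic, extracts printable strings and hashes the file, so the reader can see what those tools do under the hood. The sample image it analyzes is built in code and marked as constructed; it contains no machine code and is not an executable program. The 7.0-bit entropy threshold, the list of UPX section names and every function name are assumptions chosen for illustration, not values taken from the syllabus.

```python
import hashlib
import math
import re
import struct
from collections import Counter

IMAGE_DOS_SIGNATURE = b"MZ"
IMAGE_NT_SIGNATURE = b"PE\0\0"
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}  # section names UPX leaves behind
ENTROPY_THRESHOLD = 7.0  # rule of thumb (assumption): above this looks compressed or encrypted

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for compressed or encrypted data, lower for code and text."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def parse_pe(image: bytes) -> dict:
    """DOS header -> PE signature -> COFF header -> PE32 optional header -> section table
    -> import directory (DLL names only). Raises ValueError if the input is not PE32."""
    if image[:2] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, e_lfanew + 4)
    opt = e_lfanew + 24  # optional header follows the 20-byte COFF header
    if struct.unpack_from("<H", image, opt)[0] != 0x10B:
        raise ValueError("only PE32 (optional header magic 0x10b) is handled")
    entry_rva = struct.unpack_from("<I", image, opt + 16)[0]
    import_rva = struct.unpack_from("<I", image, opt + 104)[0]  # data directory [1] = imports
    sections = []
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", image, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "va": va,
                         "vsize": vsize, "rawptr": rawptr, "rawsize": rawsize,
                         "entropy": shannon_entropy(image[rawptr:rawptr + rawsize])})

    def rva_to_offset(rva: int) -> int:  # header fields hold RVAs; the bytes sit at file offsets
        for s in sections:
            if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
                return s["rawptr"] + rva - s["va"]
        raise ValueError(f"RVA {rva:#x} lies outside every section")
    dlls = []
    off = rva_to_offset(import_rva) if import_rva else None
    while off is not None:  # IMAGE_IMPORT_DESCRIPTOR array, 20 bytes each, all-zero terminator
        name_rva = struct.unpack_from("<I", image, off + 12)[0]  # the Name field
        if not name_rva:
            break
        start = rva_to_offset(name_rva)
        dlls.append(image[start:image.index(b"\0", start)].decode("ascii", "replace"))
        off += 20
    return {"entry_rva": entry_rva, "sections": sections, "imports": dlls}

def packer_indicators(sections: list) -> list:
    """PEiD-style hints: well-known packer section names and near-maximal entropy."""
    hits = [f"{s['name']}: UPX section name" for s in sections if s["name"] in UPX_SECTION_NAMES]
    hits += [f"{s['name']}: entropy {s['entropy']:.2f} > {ENTROPY_THRESHOLD}"
             for s in sections if s["entropy"] > ENTROPY_THRESHOLD]
    return hits

def extract_strings(image: bytes, min_len: int = 6) -> list:
    """Printable-ASCII runs, as Strings reports them; packed data yields mostly junk."""
    return [m.group().decode() for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, image)]

def triage(image: bytes) -> dict:
    pe = parse_pe(image)
    return {"md5": hashlib.md5(image).hexdigest(), "sha256": hashlib.sha256(image).hexdigest(),
            "strings": extract_strings(image), "imports": pe["imports"],
            "sections": [(s["name"], round(s["entropy"], 2)) for s in pe["sections"]],
            "packer_indicators": packer_indicators(pe["sections"])}

def build_sample_pe() -> bytes:
    """CONSTRUCTED input, not a real program and containing no machine code: valid PE32
    headers, a .text section with an import table (KERNEL32.dll, WS2_32.dll) and two
    strings, and an RWX UPX1 section holding the entry point and SHA-256-chain filler."""
    text_va, text_ptr, text_size = 0x1000, 0x200, 0x200
    upx_va, upx_ptr, upx_size = 0x2000, 0x400, 0x1000
    k32, ws2 = b"KERNEL32.dll\0", b"WS2_32.dll\0"
    names_rva = text_va + 3 * 20  # DLL names follow the three 20-byte descriptors
    imports = (struct.pack("<IIIII", 0, 0, 0, names_rva, 0)
               + struct.pack("<IIIII", 0, 0, 0, names_rva + len(k32), 0) + bytes(20))
    text = (imports + k32 + ws2 + b"http://example.invalid/update\0"
            b"CreateRemoteThread\0").ljust(text_size, b"\0")
    upx, block = b"", b"constructed filler"
    while len(upx) < upx_size:  # deterministic high-entropy bytes standing in for packed code
        block = hashlib.sha256(block).digest()
        upx += block
    dos = IMAGE_DOS_SIGNATURE.ljust(0x3C, b"\0") + struct.pack("<I", 0x40)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0102)  # i386, 2 sections
    opt = struct.pack("<H", 0x10B).ljust(16, b"\0") + struct.pack("<I", upx_va)  # entry in UPX1
    opt = (opt.ljust(104, b"\0") + struct.pack("<II", text_va, 60)).ljust(224, b"\0")  # import dir
    sec = "<8sIIIIIIHHI"  # name, vsize, va, rawsize, rawptr, relocs, linenums, nrel, nlin, flags
    headers = (dos + IMAGE_NT_SIGNATURE + coff + opt
               + struct.pack(sec, b".text", text_size, text_va, text_size, text_ptr, 0, 0, 0, 0, 0x60000020)
               + struct.pack(sec, b"UPX1", upx_size, upx_va, upx_size, upx_ptr, 0, 0, 0, 0, 0xE0000040))
    return headers.ljust(text_ptr, b"\0") + text + upx

if __name__ == "__main__":
    print(triage(build_sample_pe()))
```

Running the script prints the triage dictionary for the constructed image: both DLL names recovered from the import directory, the URL and API-name strings alongside junk strings from the high-entropy section, a low-entropy .text section, and two packer indicators for UPX1 (its name and its entropy above the threshold). To analyze a real sample, replace build_sample_pe() with the bytes of the file under test inside an isolated analysis VM; the entry point landing in a high-entropy, writable-and-executable last section is the pattern UPX-packed binaries show in PEview and PEiD, and a run of unpacking with UPX followed by a second triage pass is what exposes the real import table.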