UNIVERSITY OF CENTRAL FLORIDA

DEPARTMENT OF COMPUTER SCIENCE

CAP 4145 Introduction to Malware Analysis

Spring 2018

Instructor:    Dr. Xinwen Fu
Office:        TBD
Phone:         407-823-5337
E-Mail:        xinwenfu@ucf.edu
Homepage:      http://www.cs.ucf.edu/~xinwenfu/
Office Hours:  TuTh 10:30AM ~ 11:45AM

Course Name:   CAP 4145 Introduction to Malware Analysis
Credits:       3.00
Duration:      Jan 8, 2018 - May 1, 2018
Time:          TuTh 12:00PM - 1:15PM
Location:      ENG1 427

TA:            N/A
Email:         N/A

COURSE DESCRIPTION

Introduction to using reverse engineering techniques to find and analyze the behavior of programs in binary form; assembly language, reverse engineering tools, and virtual machines.

 

RECOMMENDED TEXTBOOK

Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
by Michael Sikorski and Andrew Honig, February 2012, 800 pp., ISBN-13: 978-1-59327-290-6

 

COURSE PREREQUISITES

CIS 3360 Security in Computing - UCF CS

 

DESCRIPTION OF INSTRUCTIONAL METHODS

 

COURSE REQUIREMENTS

Recommended reading: Michael Sikorski and Andrew Honig, Practical Malware Analysis, ISBN-13: 978-1-59327-290-6

 

Class Attendance Policy

Students should attend the class in the classroom.

 

Cheating and Plagiarism Policy

All forms of academic dishonesty will result in an F for the course and notification of the Academic Dishonesty Committee.  Academic dishonesty includes (but is not limited to) plagiarism, copying answers or work done by another student (either on an exam or assignment), allowing another student to copy from you, and using unauthorized materials during an exam.

 

Make-up Exams

 

COURSE OBJECTIVES

· Basic malware analysis
· Advanced static analysis
· Advanced dynamic analysis
· Malware behavior
· Anti-reverse engineering
· Shell code analysis

 

EVALUATION PROCEDURES (tentative)

Components of Course Grade:

Assignments     20%
Midterm Exam    30%
Final Exam      30%
Term Project    20%

 

Grade Scale: A (4.00), A- (3.75), B+ (3.25), B (3.00), B- (2.75), C+ (2.25), C (2.00), C- (1.75), D+ (1.25), D (1.00), D- (0.75), F (0.00)

Letter Grade   Score
A              90 ~ 100
A-             85 ~ 89.9
B+             80 ~ 84.9
B              75 ~ 80
B-             70 ~ 74.9
C+             65 ~ 69.9
C              60 ~ 64.9
D              50 ~ 59.9
F              below 50

 

Homework Assignments

 

Exams

 

Projects

 

UNIVERSITY DEADLINES: Refer to Academic Calendar

 

EARLY ALERT STATEMENT

Academic Success Support

As your professor, I am personally committed to supporting YOUR academic success in this course.  For that reason, if you demonstrate any academic performance or behavioral problems which may impede your success, I will personally discuss and attempt to resolve the issue with you.  If the situation persists, I will forward my concern to the Student Development Office and your academic advisor to seek their support and assistance in the matter.  My goal is to make your learning experience in this course as meaningful and successful as possible.

 

Americans with Disabilities Act (ADA) Statement

 

TENTATIVE CLASS SCHEDULE

The schedule may be adjusted based on the actual progress in the semester. The instructor reserves the right to change the topics.

 

Module     Week   Topics                     Description
Module 1          Basic malware analysis
Module 2          Advanced static analysis
Module 3          Advanced dynamic analysis
Module 4          Malware behavior
Module 5          Anti-reverse engineering
Module 6          Shell code analysis

 

Tools

 

1.  Windows XP Mode
2.  VirtualBox
3.  Labs for Practical Malware Analysis
4.  LPE-DLX_1.4, LordPE
5.  PEiD-0.95-20081103 (or PEiD)
6.  PEview
7.  Stud_PE
8.  Regshot
9.  Resource Hacker (or ResHackerPortable)
10. Strings (1) (or Strings (2))
11. Dependency Walker 2.2 (1) (or depends22_x86 (2))
12. upx3.94 (or upx309w)
13. md5deep
14. WinMD5Free
15. procmon
16. Process Explorer
17. Regshot
18. XVI32
19. 7-Zip
20. ApateDNS, needs .Net Framework 3.5 (Note: .Net Framework 3.5 setup needs Internet)
21. Netcat
22. INetSim (Linux)
23. Fakenet
24. Microsoft® Visual Studio® 2005 Express Editions (Note: setup needs Internet). (The full Microsoft Visual Studio 2005 is preferred if available.)
25. Windows SDK and emulator archive, including Microsoft Windows SDK for Windows 7 and .NET Framework 3.5 SP1 (works with Windows XP SP3 and VC++ 2005) (Note: setup needs Internet)
26. MASM32 SDK 11
27. FileAlyzer 2.0
28. HxD
29. IDA Free (disassembler; version 7.0 no longer runs on Windows XP)
30. OllyDbg
31. Sysinternals Suite
32. Windbg
33. Wireshark-win32-1.10.14.exe (Windows XP)
34. Wireshark all Win32 versions
35. ImpREC
36. radare2 (disassembler)
37. Malcode Analyst Pack (Note: installer may need Internet)
38. Hybrid Analysis
39. VirusTotal
40. sandbox.pikker.ee