```
├── Section 2
│   ├── packtub.c
│   ├── packtub(1).c
│   ├── packtub_x86.asm
│   └── packtub_x86(1).asm
├── Other files
│   └── Malware_Samples_password_packtub.zip
├── Section 4
│   └── debugger_detection.c
├── LICENSE
└── README.md
```

--------------------------------------------------------------------------------
/Section 2/packtub.c:
--------------------------------------------------------------------------------

```c
/* Minimal program compiled in the course to show what a "hello world"
 * looks like once it is disassembled (see packtub_x86.asm). */
#include <stdio.h>

int main(){
    printf("Packtub Rules");
}
```

--------------------------------------------------------------------------------
/Section 2/packtub(1).c:
--------------------------------------------------------------------------------

(identical copy of /Section 2/packtub.c)

--------------------------------------------------------------------------------
/Other files/Malware_Samples_password_packtub.zip:
--------------------------------------------------------------------------------

https://raw.githubusercontent.com/alienwithin/Fundamentals-of-Malware-Analysis/master/Other files/Malware_Samples_password_packtub.zip

--------------------------------------------------------------------------------
/Section 4/debugger_detection.c:
--------------------------------------------------------------------------------

```c
// Detect a debugger using the Kernel32 function IsDebuggerPresent() from the Win32 API
#define PACKTUB_WIN32_DEBUG_DETECT
#include <windows.h>
#include <stdlib.h>

int main(int argc, char **argv)
{
    // IsDebuggerPresent() reads the BeingDebugged flag of the process's PEB
    if (IsDebuggerPresent())
    {
        MessageBox(HWND_BROADCAST, "Debugger Detected, I will exit", "Debugger Detected", MB_OK);
        exit(1);   // exit() takes a status code
    }
    MessageBox(HWND_BROADCAST, "Debugger Not Detected, I will infect", "Debugger Not Detected", MB_OK);
    return 0;
}
```

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------

```
MIT License

Copyright (c) 2018 Packt

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
```

--------------------------------------------------------------------------------
/Section 2/packtub_x86.asm:
--------------------------------------------------------------------------------

```asm
;Packtub assembly sample (32-bit x86, Intel syntax, as emitted for packtub.c)
main:                                   # @main
  ;begin prologue of the function
  ;ebp is the frame pointer. On entry to main we push the caller's ebp
  ;onto the stack so it can be restored before we return
  push ebp
  ;copy the stack pointer into the base pointer so ebp now marks main's frame
  mov ebp, esp
  ;end prologue of the function
  ;reserve space for local variables, i.e. 8 bytes
  sub esp, 8
  ;load the effective address of our string into eax
  lea eax, [.L.str]
  ; "dword ptr" marks a 32-bit (double word) memory operand: store the
  ; string's address at the top of the stack, i.e. at the address held by
  ; esp, which is where printf expects its first argument
  mov dword ptr [esp], eax
  ; call the printf function
  call printf
  ;clear the ecx register (set it to zero)
  xor ecx, ecx
  ;spill printf's return value (eax) into the 4-byte local at [ebp - 4]
  mov dword ptr [ebp - 4], eax          # 4-byte Spill
  ;copy ecx (zero) into eax: this is main's return value
  mov eax, ecx
  ;release the 8 bytes of local space by adding 8 to the stack pointer
  add esp, 8
  ;restore the caller's ebp from the stack
  pop ebp
  ret
  ; Our static string
.L.str:
  .asciz "Packtub Rules"
```

--------------------------------------------------------------------------------
/Section 2/packtub_x86(1).asm:
--------------------------------------------------------------------------------

(identical copy of /Section 2/packtub_x86.asm)

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------

# Fundamentals of Malware Analysis [Video]
This is the code repository for [Fundamentals of Malware Analysis [Video]](https://www.packtpub.com/networking-and-servers/fundamentals-malware-analysis-video?utm_source=github&utm_medium=repository&utm_campaign=9781788390279), published by [Packt](https://www.packtpub.com/?utm_source=github). It contains all the supporting project files necessary to work through the video course from start to finish.
## About the Video Course
This video course introduces the basic concepts of malware: you'll get familiar with the different types of malware and with the malware analysis process. Before moving on to the techniques of malware analysis, you'll see how to set up your own lab to provide a secure environment for analysis.
Moving on, you'll get familiar with the basic techniques of static and dynamic malware analysis and get your hands dirty with debuggers and disassemblers such as OllyDbg and IDA Pro. You'll learn how to analyze malware and understand its anatomy using these tools and techniques. Finally, you'll be exposed to the techniques that malware may use to evade detection and remain undetected.
By the end of the course, you'll have solid knowledge that will enable you to analyze the majority of malware programs.

## What You Will Learn
  • Study malware behavior based on its class.
  • Gather advanced dynamic and static malware analysis.
  • Gain experience in working with OllyDbg, WINDBG, and IDA Pro.
  • Know how to detect and defend against malware.
  • See how packers and unpackers work.

## Instructions and Navigation
### Assumed Knowledge
To fully benefit from the coverage included in this course, you will need:

● Fundamental programming concepts

● Familiarity with Git and GitHub for source control

● An understanding of basic Windows operating systems

● (Optional) Experience with virtual machines

### Technical Requirements
This course has the following software requirements:

● An editor like Notepad++

● VirtualBox

This course has been tested on the following system configuration:

● OS: Windows 7

● Processor: Dual Core 3.0 GHz

● Memory: 4 GB

● Hard Disk Space: 10 GB

● Video Card: 256 MB Video Memory

## Related Products
* [Fundamentals of Machine Learning with scikit-learn [Video]](https://www.packtpub.com/big-data-and-business-intelligence/fundamentals-machine-learning-scikit-learn-video?utm_source=github&utm_medium=repository&utm_campaign=9781789134377)

* [R Data Analysis Projects [Video]](https://www.packtpub.com/big-data-and-business-intelligence/r-data-analysis-projects-video?utm_source=github&utm_medium=repository&utm_campaign=9781789130638)

* [Hands On Functional Kotlin [Video]](https://www.packtpub.com/application-development/hands-functional-kotlin-video?utm_source=github&utm_medium=repository&utm_campaign=9781788476706)

--------------------------------------------------------------------------------
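The two compiled samples in this repository, Section 2/packtub.c (whose "Packtub Rules" literal is the string you look for when matching the disassembly to the source) and Section 4/debugger_detection.c (whose import of IsDebuggerPresent is the tell that a sample behaves differently under a debugger), are what an analyst would triage statically before ever loading them into OllyDbg or IDA. The script below is an added example and is not part of the repository or the course: it extracts printable ASCII and UTF-16LE strings from a binary, the way the `strings` utility does, and flags Windows API names associated with debugger detection. The function names, the API list and the `SAMPLE` byte string are my own constructions; `SAMPLE` is not a real PE, just bytes laid out like the relevant pieces of a compiled debugger_detection.c.

```python
"""Static triage helper: pull printable strings out of a binary blob and
flag Windows API names commonly associated with debugger detection.
Added example for the Fundamentals of Malware Analysis repository; not
course code. Works offline on the constructed SAMPLE below or on any file."""
import re
import sys
from typing import Dict, List

# API names worth flagging during string triage. IsDebuggerPresent is the one
# used by Section 4/debugger_detection.c; the others are well-known functions
# with the same purpose (assumed list, extend as needed).
ANTI_DEBUG_APIS = {
    "IsDebuggerPresent",
    "CheckRemoteDebuggerPresent",
    "NtQueryInformationProcess",
    "OutputDebugStringA",
}

# Constructed sample (not a real executable): a stub header, two import-name
# entries, an ANSI message, a UTF-16LE caption, the packtub.c literal and some
# junk bytes, so both string encodings and the min-length cutoff are exercised.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    + b"\x00\x00IsDebuggerPresent\x00"
    + b"\x04\x00MessageBoxA\x00"
    + b"\xde\xad\xbe\xef" * 4
    + b"Debugger Detected, I will exit\x00\x00\x00"
    + "Debugger Detected".encode("utf-16-le") + b"\x00\x00"
    + b"Packtub Rules\x00"
    + b"ab\x00cd\x00"  # fragments shorter than min_len are ignored
)


def extract_strings(data: bytes, min_len: int = 5) -> List[str]:
    """Return printable ASCII and UTF-16LE strings of at least min_len
    characters, in the order they appear in the data."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # Windows stores many user-visible strings as UTF-16LE: each printable
    # ASCII byte followed by a NUL byte, which the ASCII pattern cannot see.
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = []
    for m in ascii_re.finditer(data):
        found.append((m.start(), m.group().decode("ascii")))
    for m in wide_re.finditer(data):
        found.append((m.start(), m.group().decode("utf-16-le")))
    found.sort()  # merge both encodings back into file order
    return [s for _, s in found]


def flag_anti_debug(strings: List[str]) -> Dict[str, List[str]]:
    """Split extracted strings into anti-debug API names that occur and
    user-visible messages that mention debugging (useful pivots in IDA)."""
    apis = sorted(api for api in ANTI_DEBUG_APIS if any(api in s for s in strings))
    hints = [
        s for s in strings
        if "debug" in s.lower() and not any(api in s for api in ANTI_DEBUG_APIS)
    ]
    return {"apis": apis, "hints": hints}


def triage(data: bytes, min_len: int = 5) -> Dict[str, List[str]]:
    """Convenience wrapper: strings -> anti-debug report."""
    return flag_anti_debug(extract_strings(data, min_len))


if __name__ == "__main__":
    # Usage: python triage.py [path-to-binary]; with no argument the
    # constructed SAMPLE is analysed.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    report = triage(blob)
    print("anti-debug APIs:", ", ".join(report["apis"]) or "none")
    for hint in report["hints"]:
        print("hint string   :", hint)
```

A hit on `IsDebuggerPresent` in the import names does not prove the sample is evasive (plenty of legitimate software calls it), but it tells you to expect a branch like the one in debugger_detection.c and to check the PEB BeingDebugged flag in the debugger before stepping past it; the message strings give you something to search for in the disassembly to land on that branch quickly.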