To fight against the evolution of malware and its development, the specific methodologies that are applied by the malware analysts are crucial. Yet, this is something often overlooked in the relevant bibliography or in the formal and informal training of the relevant professionals. There are only two generic and all-encompassing structured methodologies for Malware Analysis (MA) - SAMA and MARE. The question is whether they are adequate and there is no need for another one or whether there is no such need at all. This paper will try to answer the above and it will contribute in the following ways: it will present, compare and dissect those two malware analysis methodologies, it will present their capacity for analysing modern malware by applying them on a random modern specimen and finally, it will conclude on whether there is a procedural optimization for malware analysis over the evolution of these two methodologies.
翻译:防止恶意软件的演变及其发展,恶意软件分析员采用的具体方法至关重要,然而,在相关文献目录或相关专业人员的正式和非正式培训中,这往往被忽视,只有两种通用和包罗万象的结构化方法(MA) -- -- SAMA和MARE。问题是,这些方法是否足够,是否有必要再使用一个方法,或是否根本不需要。本文件将试图回答上述问题,并将以下列方式作出贡献:它将提出、比较和解析这两种恶意软件分析方法,它将展示他们分析现代恶意软件的能力,将其应用在随机的现代样本上,最后,它将就这两种方法的演变是否对恶意软件分析有程序上的优化作出结论。