Where to look for malware executable files?

D

DollyPapper2018-06-08 00:16:54

Antivirus

DollyPapper, 2018-06-08 00:16:54

Hello toaster! Actually a subject. Where? For example, where can I find, for example, the executable file of the sensational Petya? How do companies specializing in information security do it? I want to understand the search methodology.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

C

cssman, 2018-06-08
@cssman

Hello. There are no general cases, they can pretend to be some kind of library and fall in Windows in system32, they can register somewhere with an extra line and be called by the svchost process, or they can just lie on the desktop.
They search with pens only when they know what and where to look for, for this there are reports on each well-known malware.
In Petya's case, there were a lot of articles, and not only on habré , how, where, which module to look for and what it does.
And in order to write such a report, you need relevant experience in virus analytics, a set of tools (avpo, forensic, scanners, sandbox) and a sufficient amount of working time.