Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Malware Analysis Techniques
Malware Analysis Techniques

Malware Analysis Techniques: Tricks for the triage of adversarial software

eBook
€22.99 €32.99
Paperback
€41.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
Table of content icon View table of contents Preview book icon Preview Book

Malware Analysis Techniques

Chapter 1: Creating and Maintaining your Detonation Environment

Malware can be slippery, difficult to dissect, and prone to escapism. As malware analysts, however, we frequently find ourselves in a position where it's necessary to be able to both examine the binaries and samples we come across, as well as actively run the samples and observe their behavior in a semi-live environment. Observing how the malware behaves within a real-world OS informs us as analysts how to better defend and remediate infections of the same kind we come across.

Such needs present several challenges:

  • How do we execute and study malicious code while ensuring our real environments remain safe and we do not assist the malware authors in propagating their code?
  • What tools do we require to ensure that we're able to adequately study the malware?
  • How do we achieve the two aforementioned goals in a repeatable fashion so that we do not have to rebuild our environment after every piece of malware we study?

In this chapter, we'll review how it's possible to set up a VM specifically for the purposes of analyzing adversarial code, while simultaneously ensuring that we remain on good terms with our friends in Systems Administration, and do not spread our samples across the network, thereby defeating the purposes of our analysis.

In this chapter, we'll cover the following topics:

  • Setting up VMware Workstation with Windows 10
  • Tooling installation – FLARE
  • Isolating your environment
  • Maintenance and snapshotting

Technical requirements

The following are the requirements for this chapter:

Setting up VirtualBox with Windows 10

An excellent tool, which is also free (as in beer), is Oracle's VirtualBox. We'll utilize this software package to create our malware analysis environment with a Windows 10 VM.

To begin, we'll navigate to the VirtualBox download page, which can be found at https://virtualbox.org/wiki/downloads. The page should look like the one shown in the following screenshot:

Figure 1.1 – Downloading VirtualBox for macOS, Windows, and Linux

Figure 1.1 – Downloading VirtualBox for macOS, Windows, and Linux

Let's now move on to downloading and installing VirtualBox.

Downloading and verifying VirtualBox

Here, we can select our host OS, with Linux, macOS, and Windows all supported platforms. In this instance, the process will be completed in macOS, but post-installation, the steps are largely the same, and generally platform-agnostic. Begin by selecting your host OS and downloading the latest package for VirtualBox.

As with downloading any binary or package from the internet, it is an excellent idea to ensure that the download is neither corrupt nor has been tampered with during transit.

Thankfully, Oracle provides pre-computed SHA256 sums of their packages, and we can use sha256sum on either Linux or Mac to ascertain whether we have the correct package:

Figure 1.2 – The SHA256 sum of the downloaded file

Figure 1.2 – The SHA256 sum of the downloaded file

Once we have computed the SHA256 in our terminal, we can compare it to known hashes on the VirtualBox page found at https://www.virtualbox.org/download/hashes/6.1.12/SHA256SUMS. Here, we can see that we have a matching hash and can proceed with the installation:

Figure 1.3 – The list of known good hashes published for VirtualBox's installer packages

Figure 1.3 – The list of known good hashes published for VirtualBox's installer packages

Installing Windows 10

Once you have gone through the installation steps for VirtualBox on your platform and have run the application, you'll be presented with the following screen. We can now begin building our environment:

Figure 1.4 – The VirtualBox main screen

Figure 1.4 – The VirtualBox main screen

In order to create our malware analysis environment, it will be necessary to have a Windows 10 installation ISO. If you do not already have a Windows 10 ISO, one may be obtained from Microsoft at https://www.microsoft.com/en-us/software-download/windows10. You will be required to purchase a license key in order to activate your copy of Windows:

  1. To begin creating our VM, we'll click the New button in VirtualBox, as seen in the following screenshot:
    Figure 1.5 – Click New to begin creating your analysis VM

    Figure 1.5 – Click New to begin creating your analysis VM

  2. Clicking the New button will reveal a new pane requiring several selections. Here, we'll want to select Windows 10 (64-bit). The machine may be named anything of your choosing. Once these fields are filled in, click Continue:
    Figure 1.6 – Name your VM and select the proper OS configuration

    Figure 1.6 – Name your VM and select the proper OS configuration

    At this point, VirtualBox will guide you through several steps. Proceed with the defaults here – no additional customization is necessary for our use case, with one exception: if you have sufficient memory on your host machine, strongly consider changing the memory to 4,096 MB for a smoother experience (and to bypass some possible anti-analysis techniques! More on this later).

  3. Once done with the creation of the VM, we are dropped back at our initial screen with a VM available to us. However, it is necessary to specify the ISO file that the VM's OS should be installed from. For this, highlight the VM we've just created, and click Settings, as shown in the following screenshot:
    Figure 1.7 – Click the Settings button in VirtualBox's main pane

    Figure 1.7 – Click the Settings button in VirtualBox's main pane

  4. A new pane will be presented that outlines the many settings currently applied to the VM. Here, we'll select Storage, and then the compact disc icon in the tree. From here, we can click the browse icon and then select the applicable ISO for installation. Then, click OK:
    Figure 1.8 – Selecting the virtual optical disk file

    Figure 1.8 – Selecting the virtual optical disk file

  5. Once the applicable ISO has been loaded, it's time to boot the VM and begin installation of Windows. To do this, simply highlight the VM you have created and then select Start:
    Figure 1.9 – Clicking the Start button will launch our analysis VM

    Figure 1.9 – Clicking the Start button will launch our analysis VM

    If everything has been done correctly to this point, the VM will boot and a Windows 10 installation screen will appear! Here, we can click Next and then proceed as usual through our Windows 10 installation steps:

    Figure 1.10 – Select the appropriate language and keyboard layout for your region

    Figure 1.10 – Select the appropriate language and keyboard layout for your region

  6. We'll continue by creating a new partition and begin our installation as shown in the following screenshot:
    Figures 1.11 – Create a new partition by utilizing the New button

    Figures 1.11 – Create a new partition by utilizing the New button

    Once this is finished, a Windows installation screen will appear. Please wait for it to finish:

    Figure 1.12 – Installation of Windows 10

    Figure 1.12 – Installation of Windows 10

  7. Once the installation of Windows has completed, a screen will appear asking for a username to be utilized, along with a corresponding password:

    Analysis tip

    It is highly advisable to make the password entirely unique to the instance in which we are working. Malware often steals passwords for reuse in further campaigns or operations.

    Figure 1.13 – Choose a totally unique password for this VM

    Figure 1.13 – Choose a totally unique password for this VM

  8. Once the user has been created, Windows will prompt for a few more settings related to privacy – which you may answer how you choose:
Figure 1.14 – Windows 10's privacy settings

Figure 1.14 – Windows 10's privacy settings

Analysis tip

You may consider replicating the settings pictured here. While disabling Windows 10 telemetry isn't required, you may not want to deliver data to Microsoft over the internet if you're utilizing it to analyze sensitive samples.

Once all the selections have been completed, Windows will perform a number of final initialization steps for the OS and drop you at the desktop!

Installing the FLARE VM package

Before the critical step of isolating our VM from the outside world can be undertaken, tools that require the internet to be downloaded must first be loaded on the VM. Our brand-new VM would be largely useless to us without the requisite tools utilized by malware analysts to glean information, of which there are a multitude.

Thankfully, the folks at FireEye have created a wonderful installation package called FLARE VM, a PowerShell script that can automatically download and install nearly every tool a malware analyst would need. The script is publicly available on GitHub at the following address: https://github.com/fireeye/flare-vm. This script will save a great deal of tedium and allow us to instantly install the necessary tooling:

Figure 1.15 – Downloading the FLARE VM package from GitHub

Figure 1.15 – Downloading the FLARE VM package from GitHub

Once you have downloaded the ZIP file containing the repository for FLARE VM, right-click the ZIP archive and extract it. Once extracted, you'll be presented with a directory containing several files, including a .ps1 script. From here, we can begin the tooling installation process.

To begin the tooling installation process, it is first necessary that we obtain an administrative console in PowerShell. To do so, we can utilize WinKey + X, which presents the option to open a Windows PowerShell prompt as an administrator:

Figure 1.16 – Administrative PowerShell option in the Start menu

Figure 1.16 – Administrative PowerShell option in the Start menu

Once the administrative shell has been obtained, starting the installation is a matter of two commands issued in a single line:

cd C:\Users\$Your_Username\Downloads\flare-vm-master\flare-vm-master; powershell.exe -ExecutionPolicy Bypass -File .\Install.ps1

With these commands issued, FLARE's Chocolatey-based installer will take over and prompt for credentials stored as secure strings. Once these credentials are entered, the installation will proceed, rebooting the VM several times, and logging in automatically following each reboot. No further action is required on our part during the installation:

Figure 1.17 – FLARE's install.ps1 prompting for credentials

Figure 1.17 – FLARE's install.ps1 prompting for credentials

Analysis tip

FLARE installs a lot of tools. It may take quite a while to install, depending on the speed of your internet connection. It would be wise to utilize this time to make a sandwich, relax, or catch up on your favorite TV show.

Once the entire process has been completed, you'll be presented with the following desktop:

Figure 1.18 – The FLARE VM desktop

Figure 1.18 – The FLARE VM desktop

Several changes are apparent here. First, we have a FLARE folder, which is chock full of great malware analysis and dissection tools.

Additionally, you have the official FLARE VM wallpaper. Our malware analysis workstation is now set up and very nearly ready to go!

Isolating your environment

With our tooling installed, we no longer require internet access for most malware analysis. Analysis with a VM connected to the internet can pose several risks and should be avoided unless absolutely necessary. Risks associated with exposing your VM to the internet include the following:

  • Allowing attackers to directly interact with the target machine via command and control
  • Assisting in the wider propagation of worming malware to your network or others
  • Accidentally participating in illegal activities such as DDoS as a zombie, being utilized as a proxy for further hacking of targets, and more

For these reasons, it's important that we set our VM to be isolated by default and only expose it to the internet if absolutely necessary in order to further understand our malware. And even in instances such as these, take proper precautions.

Isolating your VM is a simple process, and only requires a few clicks. As before, we'll highlight our VM in VirtualBox, and then click the Settings icon as shown in the following screenshot:

Figure 1.19 – VirtualBox's Settings button will take you to the Settings pane

Figure 1.19 – VirtualBox's Settings button will take you to the Settings pane

With the Settings pane open, navigate to the Network pane. Here, we can select Host-only Adapter. This will limit the VM's network communication to just the host and prevent the spread of malware via the network to more sensitive endpoints.

Thankfully, other host isolation features such as Shared Folders and Shared Clipboard access are off by default in VirtualBox and do not require further configuration for VM isolation:

Figure 1.20 – Setting up Host-only Adapter

Figure 1.20 – Setting up Host-only Adapter

A word on executing with network activity

Occasionally, when examining malware samples, it is impossible to proceed without having an internet-connected VM. Droppers responsible for writing malware to disk often reach out to staging servers on the internet to download secondary stages, as opposed to writing them directly to disk from memory.

This can pose a challenge to an isolated VM and prevent an analyst from fully studying the execution of malware within an environment. Fortunately, it's possible to determine whether this access is required with a number of tools prior to enabling network access for your VM. These tools will be covered further in Chapter 3, Dynamic Analysis – Techniques and Tooling.

While VirtualBox does not necessarily have built-in mechanisms for safely executing in this manner, it's highly recommended that a separate network be set up, either physically or via a VLAN, for any dynamic malware analysis that requires network connectivity in order to function properly.

Maintenance and snapshotting

Now that the basis for the malware analysis VM has been set up, the tools installed, and everything is ready to go, it is important to ensure that the work does not have to be repeated each time we would like to dynamically analyze a new piece of malware.

If we simply detonated each piece of malware on top of the previous samples, it would confuse our indicators of compromise (IOCs), and we would likely be unable to tell what the result of a previous piece of malware was, what the result of the piece we were analyzing was, and what was just normal system activity.

VirtualBox has a built-in feature that has us covered – Snapshots. A snapshot is exactly as it sounds – a moment-in-time representation of how the VM's filesystem, registry, and other features existed precisely when that snapshot was taken. It allows an analyst to revert a VM to a time before it was purposely infected with malware.

To take a golden-image snapshot of our newly created malware analysis VM, we'll navigate to VirtualBox's main menu, click the hamburger button just to the right of our VM name, and then click Snapshots:

Figure 1.21 – The Snapshots pane to take, manage, and delete any snapshot taken of your VM

Figure 1.21 – The Snapshots pane to take, manage, and delete any snapshot taken of your VM

Once clicked, the snapshot pane opens, presenting us with the option to take a current snapshot and name it:

Analysis tip

It's best to have highly descriptive snapshot names so that you aren't left guessing and restoring snapshots blindly in an attempt to find the correct one.

Figure 1.22 – Taking our first snapshot

Figure 1.22 – Taking our first snapshot

When OK is clicked, the VM will pause for a few moments to take an image of the moment-in-time configuration and save it for later restoration. Once complete, we'll be able to see our snapshot in the list of available restore points in VirtualBox, as shown in the following screenshot:

Figure 1.23 – The snapshots panel in VirtualBox

Figure 1.23 – The snapshots panel in VirtualBox

Congratulations! You've created your malware analysis VM and ensured that we can continue to use it even after we detonate malware in it several times, returning it to its previous state with the click of a button.

Welcome to your home for the next 10 chapters.

Analysis tip

Snapshots aren't only great for keeping your VM clean! Initial vectors of malware (such as droppers) no longer work after a given period of time. If you have an infected instance of your VM that you think you'd like to study in the future and are unsure whether you'd be able to re-infect it, take a snapshot!

Summary

In this chapter, we've performed a basic setup of our malware analysis environment and built the foundation of what we will utilize to inspect adversarial software over the course of the book.

During this chapter, we have completed the construction of our analysis environment, including the downloading and installation of VirtualBox, the isolation of our host, and the installation of critical tools for our analysis via the FLARE VM package. With this built, we can now move on to the next chapter, where we will be inspecting and understanding live malware samples!

Left arrow icon Right arrow icon
Download code icon Download Code

Description

Malicious software poses a threat to every enterprise globally. Its growth is costing businesses millions of dollars due to currency theft as a result of ransomware and lost productivity. With this book, you'll learn how to quickly triage, identify, attribute, and remediate threats using proven analysis techniques. Malware Analysis Techniques begins with an overview of the nature of malware, the current threat landscape, and its impact on businesses. Once you've covered the basics of malware, you'll move on to discover more about the technical nature of malicious software, including static characteristics and dynamic attack methods within the MITRE ATT&CK framework. You'll also find out how to perform practical malware analysis by applying all that you've learned to attribute the malware to a specific threat and weaponize the adversary's indicators of compromise (IOCs) and methodology against them to prevent them from attacking. Finally, you'll get to grips with common tooling utilized by professional malware analysts and understand the basics of reverse engineering with the NSA's Ghidra platform. By the end of this malware analysis book, you’ll be able to perform in-depth static and dynamic analysis and automate key tasks for improved defense against attacks.

Who is this book for?

This book is for incident response professionals, malware analysts, and researchers who want to sharpen their skillset or are looking for a reference for common static and dynamic analysis techniques. Beginners will also find this book useful to get started with learning about malware analysis. Basic knowledge of command-line interfaces, familiarity with Windows and Unix-like filesystems and registries, and experience in scripting languages such as PowerShell, Python, or Ruby will assist with understanding the concepts covered.

What you will learn

  • Discover how to maintain a safe analysis environment for malware samples
  • Get to grips with static and dynamic analysis techniques for collecting IOCs
  • Reverse-engineer and debug malware to understand its purpose
  • Develop a well-polished workflow for malware analysis
  • Understand when and where to implement automation to react quickly to threats
  • Perform malware analysis tasks such as code analysis and API inspection
Estimated delivery fee Deliver to Denmark

Premium delivery 7 - 10 business days

€17.95
(Includes tracking information)

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Jun 18, 2021
Length: 282 pages
Edition : 1st
Language : English
ISBN-13 : 9781839212277
Category :
Languages :

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
Estimated delivery fee Deliver to Denmark

Premium delivery 7 - 10 business days

€17.95
(Includes tracking information)

Product Details

Publication date : Jun 18, 2021
Length: 282 pages
Edition : 1st
Language : English
ISBN-13 : 9781839212277
Category :
Languages :

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 125.97
Privilege Escalation Techniques
€41.99
Adversarial Tradecraft in Cybersecurity
€41.99
Malware Analysis Techniques
€41.99
Total 125.97 Stars icon

Table of Contents

16 Chapters
Section 1: Basic Techniques Chevron down icon Chevron up icon
Chapter 1: Creating and Maintaining your Detonation Environment Chevron down icon Chevron up icon
Chapter 2: Static Analysis – Techniques and Tooling Chevron down icon Chevron up icon
Chapter 3: Dynamic Analysis – Techniques and Tooling Chevron down icon Chevron up icon
Chapter 4: A Word on Automated Sandboxing Chevron down icon Chevron up icon
Section 2: Debugging and Anti-Analysis – Going Deep Chevron down icon Chevron up icon
Chapter 5: Advanced Static Analysis – Out of the White Noise Chevron down icon Chevron up icon
Chapter 6: Advanced Dynamic Analysis – Looking at Explosions Chevron down icon Chevron up icon
Chapter 7: Advanced Dynamic Analysis Part 2 – Refusing to Take the Blue Pill Chevron down icon Chevron up icon
Chapter 8: De-Obfuscating Malicious Scripts: Putting the Toothpaste Back in the Tube Chevron down icon Chevron up icon
Section 3: Reporting and Weaponizing Your Findings Chevron down icon Chevron up icon
Chapter 9: The Reverse Card: Weaponizing IOCs and OSINT for Defense Chevron down icon Chevron up icon
Chapter 10: Malicious Functionality: Mapping Your Sample to MITRE ATT&CK Chevron down icon Chevron up icon
Section 4: Challenge Solutions Chevron down icon Chevron up icon
Chapter 11: Challenge Solutions Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.8
(9 Ratings)
5 star 77.8%
4 star 22.2%
3 star 0%
2 star 0%
1 star 0%
Filter icon Filter
Top Reviews

Filter reviews by




Kindle Customer Apr 05, 2022
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This book is excellent. It gives a good detailed guide to what Malware is, the different types, and how to effectively analyze it. The book gives a great hands on approach with the theory not being overwhelming at all. Highly recommend.
Amazon Verified review Amazon
Britt Adams Jun 22, 2021
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I hope to have more time soon to finish going through the exercises.
Amazon Verified review Amazon
Amazon Customer Jul 05, 2021
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I've always had an interest in malware analysis being a security analyst. Until now I tried to get into multiple malware analysis books but lost interest as most of them are not beginner friendly. This book is surely an exception. It take you from setting up an VM and static analysis to dynamic analysis, touches the concepts of reverse engineering and then using the IOCs for defense. The best part is how Dylan makes it easy for newbies to understand these concepts which once were so scary. I must say every security analyst and those who are interested in malware analysis should read it once.
Amazon Verified review Amazon
WideLineman Sep 10, 2021
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Book really teaches you how to put together a safe analysis environment and gives you great insight on developing an analysis workflow. I'm highly satisfied with this purchase.
Amazon Verified review Amazon
PJS Jul 25, 2021
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Dylan Barker clearly illustrates everything you need to know. This is the best malware analysis book you can buy!
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is the delivery time and cost of print book? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela
What is custom duty/charge? Chevron down icon Chevron up icon

Customs duty are charges levied on goods when they cross international borders. It is a tax that is imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order? Chevron down icon Chevron up icon

The orders shipped to the countries that are listed under EU27 will not bear custom charges. They are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea:

A custom duty or localized taxes may be applicable on the shipment and would be charged by the recipient country outside of the EU27 which should be paid by the customer and these duties are not included in the shipping charges been charged on the order.

How do I know my custom duty charges? Chevron down icon Chevron up icon

The amount of duty payable varies greatly depending on the imported goods, the country of origin and several other factors like the total invoice amount or dimensions like weight, and other such criteria applicable in your country.

For example:

  • If you live in Mexico, and the declared value of your ordered items is over $ 50, for you to receive a package, you will have to pay additional import tax of 19% which will be $ 9.50 to the courier service.
  • Whereas if you live in Turkey, and the declared value of your ordered items is over € 22, for you to receive a package, you will have to pay additional import tax of 18% which will be € 3.96 to the courier service.
How can I cancel my order? Chevron down icon Chevron up icon

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact customercare@packt.com with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you then when you receive it, you can contact us at customercare@packt.com using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except for the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or material defect in book), Packt Publishing will not accept returns.

What is your returns and refunds policy? Chevron down icon Chevron up icon

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact Customer Relations Team on customercare@packt.com with the order number and issue details as explained below:

  1. If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact Customer Relations Team on customercare@packt.com within one hour of placing the order and we will replace/refund you the item cost.
  2. Sadly, if your eBook or Video file is faulty or a fault occurs during the eBook or Video being made available to you, i.e. during download then you should contact Customer Relations Team within 14 days of purchase on customercare@packt.com who will be able to resolve this issue for you.
  3. You will have a choice of replacement or refund of the problem items.(damaged, defective or incorrect)
  4. Once Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
  5. If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
  6. Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged, with book material defect, contact our Customer Relation Team on customercare@packt.com within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner which is on a print-on-demand basis.

What tax is charged? Chevron down icon Chevron up icon

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use? Chevron down icon Chevron up icon

You can pay with the following card types:

  1. Visa Debit
  2. Visa Credit
  3. MasterCard
  4. PayPal
What is the delivery time and cost of print books? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela