In this chapter, we will be covering more advanced concepts for malware analysis. In the previous chapter, we covered general methods for attacking malware classification. Here, we will discuss more specific approaches and cutting-edge technologies. In particular, we will cover how to approach obfuscated and packed malware, how to scale up the collection of N-gram features, and how to use deep learning to detect and even create malware.
This chapter comprises the following recipes:
- Detecting obfuscated JavaScript
- Featurizing PDF files
- Extracting N-grams quickly using the hash-gram algorithm
- Building a dynamic malware classifier
- MalConv – end-to-end deep learning for malicious PE detection
- Using packers
- Assembling a packed sample dataset
- Building a classifier for packers
- MalGAN – creating evasive malware
- Tracking malware drift