Emotet is a Trojan that is commonly spread through emails. It was initially designed to steal banking credentials. It uses a number of strategies and infection vectors to spread over space and establish persistence on infected devices. This paper proposes a framework for analyzing Emotet malware through the process of reverse engineering, to reduce this time consumption we have researched some function calls that can help us in understanding the activity and where to locate the payload. The research is done for two types of files only, they are EXE and DLL files. Firstly we analyze the PE structure of the file using CFF explorer and check for irregularities in the address of the header. using Ghidra we further our analysis of the sample to check for irregularities, API calls, strings and many other information relating to structure of our file. On finding the common functionality and understanding its usage we can determine the kind of behavior the sample would perform and the API calls used for malicious activity. Based on the malicious activity performed we will determine whether the sample provided is Emotet or clean.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.