Comparing Malicious Files

Presented at RVAsec 2019, May 22, 2019, 11 a.m. (50 minutes)

A critical step taken during the malware analysis process is to attempt to determine the malware family a sample may belong to. Even if one cannot link a file to a family, one must at least try to find files that are similar and extrapolate information about the sample from comparison with these similar files. This talk reviews a variety of methods for comparing files from simple to complex.

Presenters:

• Robert Simmons - ThreatConnect
  Robert Simmons is Director of Research Innovation at ThreatConnect, Inc. With an expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years. Robert has spoken on malware analysis at many of the top security conferences including DEFCON, HOPE, and DerbyCon among others. Robert, also known as Utkonos, has a background in biology, linguistics, and Russian area studies. He has lived extensively in Russia and Ukraine and has been known to swear profusely and constantly in Russian.

Links:

• https://rvasec2019.sched.com/event/O1iE/comparing-malicious-files
• https://infocon.org/cons/RVAsec/RVAsec 2019/Robert Simmons - Comparing Malicious Files.mp4
• https://infocon.org/cons/RVAsec/RVAsec 2019/Robert Simmons - Comparing Malicious Files.eng.srt (subtitles)

Similar Presentations:

• Black Hat USA 2015 / Internet-Scale File Analysis