How does a virus analyst analyze a file?

Updated on Financial 2024-02-08
16 answers
  1. Anonymous users 2024-02-05

    1. Simulate the operation of suspicious files in a virtual machine and observe their actions.

    2. Decompile the program, and judge the nature of the program through assembly language.

    3. Virus analysts need to be proficient in the operation of various analysis software, also need to have strong knowledge of assembly language, and also need to have a certain understanding of the underlying operation mode of the program in Windows.

  2. Anonymous users 2024-02-04

    The program scans the key ** of the file; if it is the same as in the virus database, the file is judged to be a virus. That is, the file is checked against the work; if there is no library, a simple logical judgment can be made to see whether there is a threat.

    Hello questioner, my question is very sure and it is a problem that no one has, so there is no credit and hard work! If you have any questions about me, you can send me a message, I will add as soon as possible, I hope you don't close the problem, because you close the problem, your bounty can't be returned, and it's not good for you, because it's better to choose me as the only one, thank you, whether you choose me as the best or not, I will still pack the quality and quantity of your problem, thank you ——hkhk366

  3. Anonymous users 2024-02-03

    When a virus analyst analyzes whether a file is a virus file, it must be a virus sample that already exists in the virus signature database; otherwise, how can it be judged whether it is a virus? The analysis method is mainly to compare the file with the virus key ** in the virus database: if it is present, it is a virus file; otherwise, it is not confirmed to be a virus file. If you must test whether the file has a destructive effect on the computer, you need to activate the file in a virtual system and use system monitoring software to monitor what operations the file performs on the system and whether it has a destructive effect, so as to determine whether it is classified as a virus.
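The signature comparison described in the answer above, sketched as an added example (not part of the original post and not any product's engine). The signature names, the sample bytes and the `??` wildcard syntax are constructed for illustration.

```python
import hashlib
import re

# Constructed sample and signature database; these are not real malware signatures.
CONSTRUCTED_SAMPLE = (b"MZ\x90\x00" + b"\x00" * 16 +
                      b"\xde\xad\xbe\xef\x41\x42\xca\xfe" + b"tail")
# Hash signature: identifies exactly one file, byte for byte.
HASH_SIGNATURES = {hashlib.sha256(CONSTRUCTED_SAMPLE).hexdigest(): "Example.Exact.A"}
# Pattern signature: a byte sequence anywhere in the file; "??" is any one byte.
PATTERN_SIGNATURES = {"Example.Family.B": "de ad be ef ?? ?? ca fe"}


def compile_pattern(hex_pattern):
    """Turn 'de ad ?? fe' into a bytes regex where '??' matches any byte."""
    parts = []
    for token in hex_pattern.split():
        if token == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes.fromhex(token)))
    return re.compile(b"".join(parts), re.DOTALL)


def scan(data):
    """Return (signature name, how it matched) for every database hit."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.append((HASH_SIGNATURES[digest], "sha256"))
    for name, pattern in PATTERN_SIGNATURES.items():
        match = compile_pattern(pattern).search(data)
        if match:
            hits.append((name, "pattern@%d" % match.start()))
    return hits


if __name__ == "__main__":
    # Same file with the two wildcard bytes changed: hash misses, pattern still hits.
    variant = CONSTRUCTED_SAMPLE[:24] + b"\x00\x99" + CONSTRUCTED_SAMPLE[26:]
    for label, data in (("original", CONSTRUCTED_SAMPLE), ("variant", variant),
                        ("unrelated", b"unrelated bytes")):
        # An empty result only means "not in the database", so the file would
        # go on to monitored execution in a virtual system.
        print(label, scan(data) or "no signature match")
```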

  4. Anonymous users 2024-02-02

    I have about the same goal as you. I'm also learning. My future direction is also virus analyst or Windows kernel driver development. I learned from several seniors, and after chatting with them, I think that to engage in virus analysis you must have strong assembly and disassembly skills. General disassembly ** must be completely understood, and you have to be particularly familiar with the PE format of general files. I won't talk about the two basics, OD and IDA. I recommend two books to you, which I am currently studying: Qi Li's "Windows PE Authoritative Guide" and Uncle Qian's "C++ Disassembly and Reverse Technology Revealed". After all, I think this direction is too difficult and unpopular, but I still have to stick to it.

    I'm not from here, do you have QQ, we can communicate together.

  5. Anonymous users 2024-02-01

    I heard the great god say that after reading these two books, you will find a lot of things you don't understand when you practice.

  6. Anonymous users 2024-01-31

    In general, there are two cases: one is to use a sandbox or virtual machine, and the other is to use OD-class decompilation.

    One method is to analyze the impact on the system through the method of comparison, through the infected and uninfected systems, that is, starting from the behavior of the virus (of course, some software can easily track the behavior of a certain program).

    The second method is to analyze the virus from a compilation point of view, which is difficult to operate and easily limited (well-designed encryption can make this process extremely painful), but it is possible to thoroughly understand the principle of the virus.

  7. Anonymous users 2024-01-30

    Virus analysis is generally done by disassembly. Personal advice: first become proficient in assembly language, then read a disassembly book (preferably a foreign one), and then buy one on virus analysis. There are a lot of them online.

  8. Anonymous users 2024-01-29

    Toxicity analysis is generally done by disassembly. Personal advice: first become proficient in assembly language, then read a disassembly book (preferably a foreign one), and then buy one on virus analysis. There are a lot of them online.

    Happy to live in a treasure land for a thousand years, blessing according to the family, everything is prosperous, and welcome the New Year.

  9. Anonymous users 2024-01-28

    - Analyze suspicious files and provide solutions.

    - Develop anti-virus tools and in-house tools.

    Requirements:

    - Bachelor's degree or above, with a strong interest in computer science (computer-related major preferred).

    - More than 1 year of software development or testing experience.

    - Proficient in C/C++, with a grasp of basic data structures and algorithms; an understanding of the principles of assembly and compilation is preferred.

    - Good reading and debugging skills.

    - Aspire to work in the field of computer security.

    - Good English reading and writing skills, CET-4 or above.

    - Careful, patient, good at communication, strong learning ability, team spirit.

  10. Anonymous users 2024-01-27

    1. System analyst is an intermediate and senior certificate in the soft examination; the format of the written examination; The examination time for comprehensive knowledge, case analysis and ** 3 subjects is divided into 2 half-days, the examination time for comprehensive knowledge subjects is hours, the examination time for case analysis subjects is hours, and the examination time for **subjects is 2 hours; In one examination, all subjects are passed, and only single or double subjects are not awarded.

    2. The qualified personnel who have passed the system analyst examination should be familiar with the business in the application field, be able to analyze the needs and constraints of users, write the specification of information system requirements, formulate project development plans, and coordinate all kinds of personnel involved in the development and operation of information systems; Able to guide the formulation of strategic data planning of enterprises and the organization and development of information systems; Ability to evaluate and select appropriate development methods and tools; Able to write system analysis and design documents in accordance with standard specifications; Able to carry out quality control and schedule control of the development process; Able to provide specific guidance on project development; Have the practical working ability and business level of senior engineers.

    3. A qualified system analyst should not only have a solid knowledge of information technology and grasp the development direction of computer technology, but also must have knowledge of management science; Not only should you have a strong system view and logical analysis ability, be able to abstract the system model from complex things, but also have good oral and written expression skills, strong organizational skills, and be good at working with people; It is necessary not only to have a solid theoretical foundation, but also to have rich practical experience in the project.

  11. Anonymous users 2024-01-26

    Personally, I feel that it should be more promising, after all, the trend of information terminals is to develop in the direction of mobile, and naturally the security problems for mobile devices will increase day by day.

  12. Anonymous users 2024-01-25

    This industry is the most lacking in talent, and the monthly salary of a virus analyst is generally 10,000 or more. At present, there are no general courses in this area in universities, and most of them are some superficial professors.

  13. Anonymous users 2024-01-24

    I haven't been to high school yet... Programming should be known, isn't it supposed to be called a maintenance person, there are anti-virus engineers? Haven't heard of it.

  14. Anonymous users 2024-01-23

    Possibly, in the Virus Samples section

  15. Anonymous users 2024-01-22

    The card rice is really disgusting, he has everything to search, and there is no hair when he clicks in.

  16. Anonymous users 2024-01-21

    Hehe, thanks for the advice, it seems that there is no card.
