Skip to Main Content
Malware Analysis is the top trend in the security industry. The number of new malware samples and toolkits for automated malware generation are growing exponentially, whereas the analysis capacity and knowledge are going down. In this paper we are going to discuss the infrastructure we created for malware analysis, with network dissection of traffic, execution of samples on multiple virtual machines or in real ones if required. The architecture performs fast analysis, comparing the results of multiple different anti-viruses and uses customized kernel-drivers, loaders and a clustered environment. New machines can be easily added to increase performance. Dispatchers, memory dumpers and dissectors are going to be discussed, as well as results we got in our live lab.