Skip to main content

Behavioral Malware Analysis

Behavioral Malware Analysis teaches you the fundamental skills necessary to analyze malicious software from a behavioral perspective. From simple key loggers to massive botnets, this class covers a wide variety of current threats. Using system monitoring tools and analytic software, you will analyze real-world malware samples in a training environment, giving you hands-on experience building secure lab environments, classifying malware, analyzing behavioral characteristics and their effects to systems, and documenting your findings. You will leave the course with the skills and abilities required to be an effective malware analyst.

This class is taught as 70% hands-on and 30% classroom instruction, and culminates in a capstone exercise where students will analyze and report on a complex piece of malware.

Request Course Details

Attending students will learn

After successfully completing this course. students will be able to:

  • Set up a secure lab environment in which to analyze malicious software
  • Build and maintain a toolset of freely available, trusted tools
  • Classify different types of malware and describe their capabilities
  • Analyze malware samples of varying types to ascertain their specific behavioral characteristics and their impact on a system
  • Determine if a given sample is persistent and, if so, identify and remediate the persistence mechanism(s)
  • Identify when a sample is aware of its virtual environment and will require more advanced static or dynamic analysis
  • Document analytic findings using a comprehensive reporting template

Who should attend

  • Threat operation analysts seeking a better understanding of malware
  • Incident responders who need to quickly address a system security breach
  • Forensic investigators who need to identify malicious software
  • Individuals who have experimented with malware analysis and want to expand their malware analysis techniques and methodologies


  • Thorough understanding of Microsoft Windows
  • Experience with VMWare software although not required would be beneficial
  • Knowledge of networking protocols and Wireshark filtering is recommended but not required

Course Outline

Day 1

  • Reverse Engineering
  • Malware Overview
  • Windows Internals Regarding Malware Analysis
  • Building an Analysis Environment
  • Behavioral Analysis Process (BA)
  • Understanding and Using the BA Process
  • Knowing Your Goals
  • BA Tools of The Trade

Day 2

  • Baselining
  • Document Embedded Malware
  • Macro Viruses
  • Botnets

Day 3

  • Keyloggers
  • Malicious Mobile Code
  • Backdoors
  • Trojan Horses
  • User Mode Rootkits

Day 4

  • VMWare Detection
  • Destructive Malware
  • CHM Malware
  • Kernel Mode Rootkits

Day 5 – Student Practical Demonstration

Using the tools, skills, and methodologies taught in Days 1 through 4 of the class, students will derive the answers to questions regarding one final real-world malware specimen. Each student will have to reverse engineer the malware to discover its capabilities and persistence level as well as the threat level of the malware.

Courses That Follow This Course

Request More Info About This Course


tweets by @FocalPointDR

Loading Tweets...