MA 100 - Behavioral Malware Analysis

Learn how to perform dynamic malware analysis.

Behavioral Malware Analysis teaches the fundamental skills needed to analyze malicious software from a behavioral perspective. Using system monitoring tools, the course shows how to observe malware in a controlled environment and quickly characterize its malicious effects on the system. From simple keyloggers to large botnets, the class covers a wide variety of threats currently seen on the Internet, with actual samples analyzed in the training environment. The majority of the class is hands-on: each student is issued a laptop with an isolated environment in which to learn the skills and essential methodologies required to be an effective malware analyst.

Attending students will learn

  • How to identify malware and discover its capabilities
  • How to set up a secure lab environment to analyze malicious software
  • Host Baselining
  • How to use open source tools to characterize malware samples quickly
  • Obfuscation methods used by attackers to evade detection

Who should attend

  • Threat operation analysts seeking a better understanding of malware
  • Incident responders who need to quickly address a system security breach
  • Forensic investigators who need to identify malicious software
  • Individuals who have experimented with malware analysis and want to expand their malware analysis techniques and methodologies

Prerequisites
  • Thorough understanding of Microsoft Windows
  • Experience with VMware software is beneficial but not required
  • Knowledge of networking protocols and Wireshark filtering is recommended but not required

Course Outline

Day 1

  • Reverse Engineering
  • Malware Overview
  • Windows Internals Regarding Malware Analysis
  • Building an Analysis Environment
  • Behavioral Analysis Process (BA)
  • Understanding and Using the BA Process
  • Knowing Your Goals
  • BA Tools of The Trade

Day 2

  • Baselining
  • Document Embedded Malware
  • Macro Viruses
  • Botnets

Day 3

  • Keyloggers
  • Malicious Mobile Code
  • Backdoors
  • Trojan Horses
  • User Mode Rootkits

Day 4

  • VMWare Detection
  • Destructive Malware
  • CHM Malware
  • Kernel Mode Rootkits

Day 5 – Student Practical Demonstration

Using the tools, skills, and methodologies taught in Days 1 through 4, students answer a set of questions about one final real-world malware specimen. Each student must reverse engineer the malware to discover its capabilities, its persistence level, and the threat it poses.
