Learn how to find and analyze malware that's undetected by most antivirus programs by leveraging two powerful tools inside of the Windows Performance Toolkit.
- [Instructor] In order to get the most out of this course, you should be able to read lines of code written in C++. If you need a refresher or you're new to the programming language, watch Up and Running with C++, by Peggy Fisher. This malware is able to perform multiple recording tasks all at the same time, since this application is multi-threaded. A single-threaded application can only perform a single task, one at a time, whereas a multi-threaded application can run multiple tasks all at the same time.
That is how this malware can record your key presses, your microphone, the screen, and the webcam all at once. This malware was created in Visual Studio, so we'll be spending our time in that IDE when we inspect the source code. Being familiar with and knowing your way around Visual Studio will help. We'll also be seeing many Windows API calls when we look at the call stack of the malware inside the Windows Performance Analyzer. So, if you have used Windows APIs before, that's a plus. If you're not familiar with Windows APIs, that's okay, since we also research the unknown functions later on in the course.
OpenCV is a third-party library created by Intel that's commonly used for video capturing and image processing. Since OpenCV supports hardware acceleration, it gives this malware the ability to efficiently record the webcam and computer screen with hardware acceleration. OpenCV stands for open computer vision, and more information can be found at OpenCV.org. The malware you see in this course was built off the spyware you see in my previous Spyware Detection courses. The first course introduced a key logger that could only record your keystrokes.
The Spyware Audio Detection course took that same key logger and introduced microphone-recording capabilities. For those interested in knowing more about spyware and how it works, check out those courses. In this course, we focus on analyzing malware so that you can use the knowledge gained here to defend yourself against threats that are undetected, like this one.
- Analyzing malware
- Reviewing the overall structure of the malware
- Collecting malware data
- Finding and analyzing keylogger patterns
- Analyzing screen recordings
- Analyzing webcam recordings
- Analyzing microphone recordings
- Recording prevention tips