COMP47810 Malware Analysis

Academic Year 2022/2023

This module teaches machine code reverse engineering (through disassembly) in order to equip students with the ability and knowledge to perform their own research of unknown malicious software and to use the results of the performed analysis to draw credible conclusions from the available evidence. The course teaches core skills of binary code reverse engineering using disassembly, interactive debugging and dynamic monitoring of software behaviour. The key reverse engineering tools (IDA Pro, OllyDbg, and others) are introduced by example of x86 malware reverse engineering.


Curricular information is subject to change

Learning Outcomes:

● Learn key concepts and techniques of static reverse engineering
● x86 assembly programming
● Common code structures introduced by compilers
● Windows PE format
● Common approaches to reverse engineering using interactive disassembly and interactive debugging
● Determining behavioural characteristics of a malware executable using dynamic analysis
● Practical skills with the IDA Pro interactive disassembler, the OllyDbg interactive debugger and Cuckoo Sandbox

Indicative Module Content:

● Assembly programming (Intel x86)
● Identifying high-level C language structures in compiled code
● Windows Portable Executable format
● IDA Pro disassembler, Cuckoo sandbox

Student Effort Hours:

Student Effort Type          Hours
Lectures                     24
Laboratories                 24
Autonomous Student Learning  77
Total                        125

Approaches to Teaching and Learning:
The course material will be delivered as weekly live lectures that will be recorded and made available for students to view afterwards. The lectures will be complemented by bi-weekly practical assignments that students will do during practical sessions.

 
Requirements, Exclusions and Recommendations

Not applicable to this module.


Module Requisites and Incompatibles
Not applicable to this module.
 
Assessment Strategy

Description: Examination: Written exam. 2 hour
  Timing: End of Trimester Exam
  Open Book Exam: No
  Component Scale: Alternative linear conversion grade scale 40%
  Must Pass Component: No
  % of Final Grade: 60

Description: Assignment: Bi-weekly practical assignments.
  Timing: Throughout the Trimester
  Open Book Exam: n/a
  Component Scale: Alternative linear conversion grade scale 40%
  Must Pass Component: No
  % of Final Grade: 40


Carry forward of passed components: Yes
 
Resit In Terminal Exam: Autumn, Yes - 2 Hour
Please see Student Jargon Buster for more information about remediation types and timing. 
Feedback Strategy/Strategies

• Feedback individually to students, post-assessment
• Online automated feedback

How will my Feedback be Delivered?

Assignment results will be notified after the submission deadline. Where appropriate (e.g. when answering MCQ tests) the results will be communicated automatically online.

C. Eagle, "The IDA Pro Book, 2nd Edition: The Unofficial Guide to the World's Most Popular Disassembler", Second Edition
M. Sikorski, A. Honig, "Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software", First Edition