COMP47810 Malware Analysis

Academic Year 2022/2023

This module teaches machine code reverse engineering (through disassembly) in order to equip students with the ability and knowledge to perform their own research of unknown malicious software and to use the results of the performed analysis to draw credible conclusions from the available evidence. The course teaches core skills of binary code reverse engineering using disassembly, interactive debugging and dynamic monitoring of software behaviour. The key reverse engineering tools (IDA Pro, OllyDbg, and others) are introduced by example of x86 malware reverse engineering.

Show/hide contentOpenClose All

Curricular information is subject to change

Learning Outcomes:

● Learn key concepts and techniques of static reverse engineering
● x86 assembly programing
● Common code structures introduced by compilers
● Windows PE format
● Common approaches to reverse engineering using interactive disassembly and interactive
● Determining behavioural characteristics of a malware executable using dynamic analysis
● Practical skills with IDA Pro interactive disassembler, OllyDbg interactie debugger, Cuckoo Sandbox.

Indicative Module Content:

● Assembly programming (intel x86)
● Identifying high-level C language structures in compiled code
● Windows Portable Executable format
● IDA Pro disassembler, Cuckoo sandbox

Student Effort Hours: 
Student Effort Type Hours




Autonomous Student Learning




Approaches to Teaching and Learning:
The course material will be delivered as weekly live lectures that will be recorded and made available for students to view afterwards. The lectures will be complemented by bi-weekly practical assignments that students will do during practical sessions.

Requirements, Exclusions and Recommendations

Not applicable to this module.

Module Requisites and Incompatibles
Not applicable to this module.
Assessment Strategy  
Description Timing Open Book Exam Component Scale Must Pass Component % of Final Grade
Examination: Written exam. 2 hour End of Trimester Exam No Alternative linear conversion grade scale 40% No


Assignment: Bi-weekly practical assignments. Throughout the Trimester n/a Alternative linear conversion grade scale 40% No


Carry forward of passed components
Resit In Terminal Exam
Autumn Yes - 2 Hour
Please see Student Jargon Buster for more information about remediation types and timing. 
Feedback Strategy/Strategies

• Feedback individually to students, post-assessment
• Online automated feedback

How will my Feedback be Delivered?

Assignment results will be notified after submission deadline. Where appropriate (e.g. when answering MCQ tests) the results will be communicated automatically online.

C. Eagle "The IDA Pro Book, 2nd Edition: The Unofficial Guide to the World's Most Popular Disassembler", Second Edition
M. Sikorski, A. Hoing "Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software", FIrst Edition