Comparative Review of Malware Analysis Methodologies

TL;DR

This paper compares the two main structured methodologies for malware analysis, SAMA and MARE, evaluating their effectiveness on modern malware samples and discussing potential procedural improvements.

Contribution

It provides a detailed comparison of SAMA and MARE, applies them to modern malware, and assesses the need for procedural enhancements in malware analysis methodologies.

Findings

SAMA and MARE are the primary structured malware analysis methodologies.

Application on modern malware reveals strengths and limitations of both methods.

Discussion on potential procedural optimizations for malware analysis.

Abstract

To fight against the evolution of malware and its development, the specific methodologies that are applied by the malware analysts are crucial. Yet, this is something often overlooked in the relevant bibliography or in the formal and informal training of the relevant professionals. There are only two generic and all-encompassing structured methodologies for Malware Analysis (MA) - SAMA and MARE. The question is whether they are adequate and there is no need for another one or whether there is no such need at all. This paper will try to answer the above and it will contribute in the following ways: it will present, compare and dissect those two malware analysis methodologies, it will present their capacity for analysing modern malware by applying them on a random modern specimen and finally, it will conclude on whether there is a procedural optimization for malware analysis over the evolution of these two methodologies.