Windows Service Analysis
Introduction

In my first post, I will analyze the dropper of the Shamoon 3.0 malware, which is a Windows service executable and so differs from a normal executable in its structure and in the way it is executed. By analyzing the Shamoon 3.0 dropper, we can understand:

1) The structure of a Windows service.
2) How to analyze and debug a Windows service.

So let us understand what a Windows service is and how it is structured before jumping into the analysis.

A Windows service is a program that is executed by the Service Control Manager (SCM) and conforms to its rules. It runs in the background with no GUI, as it does not need a user to interact with it. It can be started automatically at system boot.

Windows Service Structure

A Windows service program consists of three important functions, as seen in the Windows service structure figure:

1. Main entry point function: the main function of the Windows service program; its goal is to inform the...
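
A quick triage check for the point above that a service program is started by the SCM rather than run like a normal executable, as an added example that is not code from the original post: it looks for the advapi32 service APIs referenced in a sample and separates a real service program from a tool that only installs services. The API names are real Win32 exports; the role grouping, the function names and the two sample byte strings are constructed for illustration.

```python
import re

# Win32 service APIs exported by advapi32.dll, grouped by the part of a
# service program that calls them (real API names; the grouping is an assumption).
SERVICE_APIS = {
    "entry_point": {"StartServiceCtrlDispatcherA", "StartServiceCtrlDispatcherW"},
    "service_main": {"RegisterServiceCtrlHandlerA", "RegisterServiceCtrlHandlerW",
                     "RegisterServiceCtrlHandlerExA", "RegisterServiceCtrlHandlerExW"},
    "status_report": {"SetServiceStatus"},
}

# Whole identifier-like ASCII tokens, so "SetServiceStatus" never matches
# inside a longer name.
_IDENT = re.compile(rb"[A-Za-z_][A-Za-z0-9_]{5,}")

def imported_names(data: bytes) -> set:
    """Return identifier-like ASCII tokens, e.g. names from a PE hint/name table."""
    return {m.group().decode("ascii") for m in _IDENT.finditer(data)}

def service_roles(data: bytes) -> dict:
    """Map each role to the sorted service APIs referenced in the file."""
    names = imported_names(data)
    return {role: sorted(apis & names) for role, apis in SERVICE_APIS.items()}

def is_service_program(data: bytes) -> bool:
    """True if the file references the call that connects a process to the SCM."""
    return bool(service_roles(data)["entry_point"])

def fake_import_table(names):
    """Constructed sample: 2-byte hint + NUL-terminated name per entry."""
    return b"".join(b"\x10\x02" + n.encode("ascii") + b"\x00" for n in names)

# Constructed inputs: a service program, and a tool that only installs services.
SERVICE_SAMPLE = fake_import_table(
    ["StartServiceCtrlDispatcherW", "RegisterServiceCtrlHandlerW",
     "SetServiceStatus", "CreateFileW"])
INSTALLER_SAMPLE = fake_import_table(
    ["OpenSCManagerW", "CreateServiceW", "StartServiceW", "CloseServiceHandle"])

if __name__ == "__main__":
    for label, blob in (("service", SERVICE_SAMPLE), ("installer", INSTALLER_SAMPLE)):
        print(label, is_service_program(blob), service_roles(blob))
```

This is a string-level heuristic, not an import-table parse: a packed sample or one that resolves APIs at run time can hide these names, so a negative result is not conclusive.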