Behavioral Analysis and Reverse Engineering of Simulated Keylogger Malware
Course Instructor
Pramod Gupta
Abstract
This project explores the behavior and inner workings of keylogger malware through the creation, analysis, and decompilation of a simulated keylogger in a controlled environment. Keyloggers are a serious cybersecurity threat because they silently capture sensitive user input, such as passwords and personal information, without any visible change to the system. Understanding how they operate is essential for developing effective detection and mitigation strategies.
The project begins by developing a lightweight simulated keylogger that mimics the main functions of real-world malware: capturing keystrokes and writing them to local storage, where they are staged for potential exfiltration. Its behavior is monitored closely during execution to establish how and when data is logged.
A decompiler is then used to reverse-engineer the keylogger, translating the compiled binary into readable pseudocode. This process exposes the malware's logic and techniques and supports a better understanding of how such threats function at the binary level. The demonstration focuses on identifying keylogger behaviors, recognizing obfuscation techniques, and implementing basic countermeasures to detect and block this kind of activity.
This project is intended for cybersecurity students, professionals, and IT administrators seeking an understanding of malware behavior, analysis techniques, and low-level software forensics.
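The abstract describes identifying keylogger behaviors at the binary level and recognizing obfuscation. As an added example, not code from the project itself, the script below performs the kind of static triage an analyst would run on the decompiled sample: it extracts printable strings from a byte blob standing in for the binary's import and string data, matches them against Win32 API names a keylogger needs (keyboard hooks, file writes, HTTP calls), and brute-forces single-byte XOR so that strings the author hid from `strings` still surface. The API groupings, the XOR key 0x5A, and both sample blobs are constructed for this example and are not taken from the project's keylogger.

```python
"""
Static triage heuristic for keylogger-like binaries (added example, not the
project's own code). The sample blobs below are constructed for this example.
"""
import re

# Win32 API names grouped by the keylogger capability they suggest (assumed
# grouping). Names are kept >= 9 characters so substring matching does not
# fire on junk produced by XOR brute-forcing.
KEYLOGGER_INDICATORS = {
    "keystroke_capture": [
        "SetWindowsHookExA", "SetWindowsHookExW",
        "GetAsyncKeyState", "GetKeyboardState", "GetKeyState",
    ],
    "hook_dispatch": ["CallNextHookEx"],
    "window_context": ["GetForegroundWindow", "GetWindowTextA", "GetWindowTextW"],
    "local_storage": ["CreateFileA", "CreateFileW", "WriteFile"],
    "exfiltration": [
        "InternetOpenA", "InternetConnectA", "HttpSendRequestA",
        "WinHttpSendRequest", "WSAStartup",
    ],
}

PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")


def extract_strings(blob: bytes) -> list[str]:
    """Return printable ASCII runs of 4+ bytes, like the `strings` tool."""
    return [m.group().decode("ascii") for m in PRINTABLE_RUN.finditer(blob)]


def xor_single_byte(data: bytes, key: int) -> bytes:
    """XOR every byte with one key; key 0 is the identity (plaintext)."""
    return bytes(b ^ key for b in data)


def find_indicators(blob: bytes) -> dict[str, dict]:
    """Map each indicator found to its category and the XOR key that revealed it.

    Key 0 is tried first, so a plaintext hit is never misreported as obfuscated.
    """
    hits: dict[str, dict] = {}
    for key in range(256):
        strings = extract_strings(xor_single_byte(blob, key))
        for category, names in KEYLOGGER_INDICATORS.items():
            for name in names:
                if name not in hits and any(name in s for s in strings):
                    hits[name] = {"category": category, "xor_key": key}
    return hits


def assess(blob: bytes) -> dict:
    """Keystroke capture plus a way to keep or send the data is what separates
    a keylogger from an ordinary GUI program that merely reads the keyboard."""
    hits = find_indicators(blob)
    categories = sorted({h["category"] for h in hits.values()})
    captures = "keystroke_capture" in categories
    persists = "local_storage" in categories or "exfiltration" in categories
    if captures and persists:
        verdict = "keylogger-like"
    elif captures:
        verdict = "keystroke capture only"
    else:
        verdict = "no keystroke capture"
    return {
        "hits": hits,
        "categories": categories,
        "obfuscated": any(h["xor_key"] != 0 for h in hits.values()),
        "verdict": verdict,
    }


# Constructed sample data standing in for a simulated keylogger's sections.
_XOR_KEY = 0x5A  # hypothetical key the sample uses to hide its network strings

SAMPLE_KEYLOGGER = (
    b"\x00" * 8
    + b"KERNEL32.dll\x00CreateFileW\x00WriteFile\x00"
    + b"USER32.dll\x00SetWindowsHookExW\x00CallNextHookEx\x00GetForegroundWindow\x00"
    + b"\x90\x90\x00\x00"
    + xor_single_byte(b"InternetOpenA", _XOR_KEY) + b"\x00"
    + xor_single_byte(b"HttpSendRequestA", _XOR_KEY) + b"\x00"
    + b"keys.log\x00"
)

# Constructed benign sample: writes files but never touches the keyboard.
SAMPLE_BENIGN = b"KERNEL32.dll\x00CreateFileW\x00WriteFile\x00ReadFile\x00CloseHandle\x00"

if __name__ == "__main__":
    for label, blob in (("keylogger", SAMPLE_KEYLOGGER), ("benign", SAMPLE_BENIGN)):
        r = assess(blob)
        print(f"{label}: {r['verdict']} (obfuscated={r['obfuscated']})")
        for name, info in sorted(r["hits"].items()):
            print(f"  {info['category']:18} {name:22} xor_key=0x{info['xor_key']:02x}")
```

Run against the constructed keylogger blob, the plaintext import names are found under key 0 while the two WinINet names only appear after XOR with 0x5A, which both flags the sample as keylogger-like and records that part of its strings were obfuscated. The heuristic is deliberately import-based; a sample that resolves APIs by hash or uses a different encoding will need the dynamic monitoring the abstract describes.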