
Engage in hands-on malware analysis for Windows 10/11, capturing and analyzing malicious code with 20 practices, reviewable line by line, and access full malware source code for learning.
Explore hands-on malware analysis from static to dynamic methods, learn to analyze, prevent, and document ransomware, keyloggers, and malicious DLLs, and set up a safe lab with full resources.
Learn what malware is, how it turns devices into zombies for DDoS and mining, and inspect infection vectors like email, USB drives, phishing, and cross-site scripting for indicators of compromise.
Set up a safe lab to run malware samples, including ransomware and keyloggers, with Windows 10 and Kali Linux VMs, Axum, VirtualBox settings, and a host-to-Linux command-and-control simulation.
Set up a Windows 10 virtual machine in VirtualBox for malware analysis, mounting the ISO, allocating 9 GB RAM and 50 GB disk, installing guest additions, and disabling protections.
Set up INetSim to redirect POST requests from malware samples running in a Windows 10 virtual machine to a Kali Linux host, using a host-only adapter in VirtualBox for traffic analysis.
Configure VirtualBox to share folders and enable a bidirectional clipboard between host and Windows guest, enable auto-mount for permanent shares, and take snapshots before malware experiments.
Enable the Windows virtual machine's network connection by switching the adapter from host-only to a mode with outside access, then configure IPv4 to obtain an IP address and DNS server automatically to restore online access.
Explore fingerprinting by generating cryptographic hashes to verify integrity and uniquely identify malware samples. Learn fuzzy hashing with ssdeep to compare similar binaries and detect modifications.
Explore obfuscation techniques used by malware authors. Study encoders such as Base64, Caesar, XOR, Kryptos, and packers, and compare packed vs. unpacked binaries with CFF Explorer for keylogger indicators.
Perform dynamic analysis by executing malware samples in a safe lab, setting a clean snapshot, and using debuggers to disassemble code while monitoring network, file system, registry, and processes.
Explore how social engineering tricks users into downloading and executing a Windows patch, create persistence in the startup folder, and use a downloader to install more malware.
Analyze malware traffic with Process Hacker and Process Monitor to identify triggering processes, monitor connections to a command-and-control center, and observe timer-driven activity and file changes.
Analyze a malicious DLL by executing its exported functions with rundll32 to observe behavior, using CFF Explorer to inspect exports and run functions independently.
At the end of this video you'll find an update: reaching the Dll8 entry point with the latest x32dbg release.
Explore what a keylogger is, its purpose, attacks, and prevention methods, and examine two proof of concept keyloggers with line by line code explanations.
Explore a proof-of-concept Windows keylogger in a C++ console project, reviewing keystroke capture via GetAsyncKeyState, console hiding, caps lock handling, and ASCII-based mapping.
Explore the development of a sophisticated keylogger, including a Facebook activity filter, keystroke storage, and a command-and-control communication module, with explanations of delegates and the keyboard listener.
Explore the TotalAware2 Facebook spy module, demonstrating a keylogger that captures keystrokes when the active window contains Facebook and writes them to a log using a string builder.
Explore a proof-of-concept malware module that logs keystrokes and posts the log to a command-and-control center, with basic hiding in a Windows form app and unencrypted data.
Finish the keyboard listener review by examining the async dispatcher, key-down and key-up events, Windows messages, and C# events and delegates, encouraging study and experimentation before moving on to ransomware topics.
Updated: As promised, this course is constantly evolving, and we've just added an entirely new section! It covers Shims, and as always, you'll find: theory, a practical lab, and full access to the source code. Enjoy!
We will guide you step by step from Static to Dynamic Analysis, teaching you how to catch and examine our custom malware samples in your system and network!
You'll learn how to analyze, prevent, and code various types of malware, including Ransomware, Keyloggers, Injectors, malicious DLLs, Shims, and more.
Our labs are fully compatible with Windows 10 and 11.
This course is now part of the Sanru Online Academy and has been updated and re-edited for an enhanced learning experience.
This is a 100% interactive course.
We are committed to answering all your questions.
We are committed to keeping this course updated.
We are committed to adding new sections over time, making this course a living resource. This means you'll always have new malware samples to conduct your experiments on.
Did you know that the demand for Cybersecurity Researchers is increasing every year? And that this demand is not being met, with some of the highest salaries in the technology sector?
This course will teach you everything you need to kickstart your career as a Malware Analyst and pave your way into one of the most well-paid sectors in cybersecurity.
Based on the premise: "You can't analyze what you don't understand," we provide full malware source code (proof of concept). We'll guide you through our malware samples (Injectors, malicious DLLs, Keyloggers, and Ransomware) line by line.
Using our own malware samples, we will teach you stealth techniques, obfuscation, armoring, and persistence.
Even if you're not a beginner, you will still enjoy and gain valuable knowledge by analyzing our malware code and following the technical explanations.
This course was designed by experienced malware analysts, cybersecurity researchers, and academics. It is meant to be didactic and easy to follow, packed with resources that you'll find in the corresponding sections.
So far, we've added these resources (with more to come):
Rams1: A Ransomware malware sample (full code provided for academic purposes).
DecryptRams1: Software to decrypt files encrypted by Rams1 (full code provided for academic purposes).
Ransomware Help: A document to assist you if you get infected.
TotalAware2: A Keylogger that can steal Facebook credentials and connect to a Command and Control Center (full code provided for academic purposes).
TotalAware3: A Keylogger written in C++ (full code provided for academic purposes).
Injector7: Injects malicious code into a legitimate Windows process (full code provided for academic purposes).
Dll4: A malware sample coded in a DLL (full code provided for academic purposes).
Dll8: Demonstrates how to use export functions in a DLL (full code provided for academic purposes).
Practices: A document containing the lab exercises guide.
Lab Requirements and Quick Guide: A document to help you set up a safe lab for malware analysis.
Web Resources: A document with web pages we’ll use throughout the course.
CriticalPatchWin1.0: A malware sample designed to trick users into downloading malware (full code provided for academic purposes).
A quick note: Crackers are unwelcome! We are the good guys. Our malware samples are not meant to be weaponized.
What you’ll learn:
How to analyze, prevent, and code Ransomware (proof of concept). Source code provided for academic purposes.
How to analyze, prevent, and code a Keylogger that hides in legitimate Windows processes (proof of concept). Source code provided for academic purposes.
How to analyze, prevent, and code a Keylogger with a filter to steal Facebook credentials (proof of concept). Source code provided for academic purposes.
How to analyze, prevent, and code an Injector to infect legitimate Windows processes (proof of concept). Source code provided for academic purposes.
How to analyze, prevent, and code a malicious DLL (proof of concept). Source code provided for academic purposes.
How to set up a test lab to safely analyze malware.
How to differentiate between different types of malware, their behaviors, attack vectors, prevention techniques, and more.
How malware infects your system and its life cycle.
The main components of malware: payload, obfuscation, persistence, stealth, and armoring.
How malware connects to a Command and Control Center and its function.
How to gather Indicators of Compromise (IoCs) from infected systems.
How to analyze malware that tricks users into downloading it.
How to capture malware on your operating system.
How to capture malicious traffic on your network.
Course Requirements:
Basic computer and programming knowledge (in any language) is recommended but not mandatory.
Who is this Course For?
Beginners who want to pursue a lucrative career as Malware Analysts or Cybersecurity Researchers.
Malware enthusiasts and cybersecurity researchers looking to deepen their knowledge of cyber threats.