Module Code: H9MWAN
Long Title: Malware Analysis
Title: Malware Analysis
Module Level: LEVEL 9
EQF Level: 7
EHEA Level: Second Cycle
Credits: 5
Module Coordinator: Vikas Sahni
Module Author: Margarete Silva
Departments: School of Computing
Specifications of the qualifications and experience required of staff  
Learning Outcomes
On successful completion of this module the learner will be able to:
# Learning Outcome Description
LO1 Research, compare and contrast the different types of malware.
LO2 Evaluate the Windows Operating System as a target platform for malicious code.
LO3 Investigate and assess malware through behavioural analysis and sandboxing.
LO4 Design, evaluate and implement defence solutions to protect against malware attack.
LO5 Analyse criminal infrastructure as part of an online malware investigation.
Module Recommendations

This is prior learning (or a practical skill) that is required before enrolment on this module. While the prior learning is expressed as named NCI module(s) it also allows for learning (in another module or modules) which is equivalent to the learning specified in the named module(s).

No recommendations listed
Co-requisite Modules
No Co-requisite modules listed
Entry requirements  

Module Content & Assessment

Indicative Content
Malware Threat Landscape
  • Current Malware Landscape
  • Future of Threat Landscape
  • Malware Types
  • Key parts of the Windows OS as it relates to malware
Behavioural Malware Analysis
  • Setting up a malware lab
  • Extracting malware from a machine
  • Static Analysis
  • Blackboxing analysis of malware
  • Malware sandboxing
Internet Investigations
  • Malware network infrastructure mapping
  • OSINT for malware investigations
Windows Portable Executables
  • Windows PE File Format
  • Malware Packers / Crypters
  • File Infector Viruses
Cybercrime Businesses
  • Underground Business Models
  • Botnet Command & Control Architecture
Anti-Malware Defences
  • AV Engines
  • YARA
Assessment Breakdown%


Full Time

Assessment Type: Continuous Assessment % of total: 60
Assessment Date: n/a Outcome addressed: 1,2,3
Non-Marked: No
Assessment Description:
Practical assignments based on black boxing analysis of a given malware sample, and compiling a detailed report on its activities.
Assessment Type: Project % of total: 40
Assessment Date: n/a Outcome addressed: 3,4,5
Non-Marked: No
Assessment Description:
Project to carry out an internet investigation into the infrastructure of a piece of malware, as well as determining defences to protect against future attacks.
No End of Module Assessment
No Workplace Assessment

NCIRL reserves the right to alter the nature and timings of assessment


Module Workload

Module Target Workload Hours 0 Hours
Workload: Full Time
Workload Type Workload Description Hours Frequency Average Weekly Learner Workload
Lecture No Description 1 Every Week 1.00
Tutorial No Description 1 Every Week 1.00
Total Weekly Contact Hours 2.00

Module Resources

Recommended Book Resources
  • M. Sikorski, A. Honig. (2012), Practical Malware Analysis, 3rd Edition. No Starch Press.
  • M. Ligh, S. Adair, B. Hartstein, M. Richard. (2010), Malware Analyst's Cookbook and DVD, Wiley.
Supplementary Book Resources
  • P. Szor. (2005), The Art of Computer Virus Research and Defense, Addison-Wesley.
This module does not have any article/paper resources
Other Resources
Discussion Note: