CEH v13: Malware Threats

Malware Threats examines malicious software in the EC-Council CEH v13 course. This module covers malware types, delivery, analysis, and countermeasures. Detonate live samples only inside an isolated, authorized lab.
Malware is code that performs unauthorized actions on a system. You learn how each type behaves so you recognize it during an engagement and defend against it.
Malware Types
| Type | Behavior |
|---|---|
| Virus | Attaches to files and needs a user to run it |
| Worm | Spreads on its own across a network |
| Trojan | Hides inside a useful-looking program |
| Ransomware | Encrypts data and demands payment |
| Spyware | Secretly collects user activity |
| Rootkit | Hides deep in the OS to keep access |
| RAT | Gives an attacker remote control |
A Remote Access Trojan (RAT) opens a persistent backdoor so the attacker controls the host remotely. Fileless malware runs in memory using built-in tools like PowerShell, which is a living-off-the-land approach that evades file scanners.
Malware Analysis
You study a sample in two ways.
- Static analysis inspects the file without running it, checking strings, hashes, and headers.
- Dynamic analysis runs the sample in a sandbox and watches behavior, network calls, and file changes.
```bash
# Static checks: hash and readable strings
sha256sum sample.bin
strings sample.bin | grep -iE "http|cmd|powershell"
```
Always analyze in an isolated virtual machine with no production access. Confirm a file’s integrity using the hash of files guide for Linux or for Windows.
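An added example, not part of the course material: a Python version of the static checks above (hash, strings, headers) that also extracts UTF-16LE strings, which `strings` skips by default, and reads the PE header instead of trusting the file name. The sample bytes, the `example.invalid` URL, and all function names are constructed for illustration.

```python
import hashlib
import re
import struct

# Same indicator terms as the grep on this page.
INDICATORS = re.compile(rb"http|cmd|powershell", re.IGNORECASE)
MACHINES = {0x014C: "x86", 0x8664: "x86-64"}  # COFF Machine values


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Printable runs in ASCII and UTF-16LE (Windows wide strings)."""
    narrow = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    return narrow + [w[::2] for w in wide]  # drop the NUL high bytes


def file_type(data: bytes) -> str:
    """Identify the container from its header, not its file name."""
    if data[:4] == b"\x7fELF":
        return "ELF"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        pe_off = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
        if data[pe_off:pe_off + 4] == b"PE\x00\x00" and len(data) >= pe_off + 6:
            machine = struct.unpack_from("<H", data, pe_off + 4)[0]
            return "PE/" + MACHINES.get(machine, hex(machine))
        return "MZ (no PE header)"
    return "unknown"


def triage(data: bytes) -> dict:
    """Hash, header type, and indicator strings, without executing anything."""
    hits = sorted({s.decode("ascii") for s in extract_strings(data)
                   if INDICATORS.search(s)})
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "type": file_type(data), "hits": hits}


def build_sample() -> bytes:
    """Constructed, inert bytes: a minimal MZ/PE header plus two strings."""
    header = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\x00\x00" + struct.pack("<H", 0x8664)
    narrow = b"\x01http://c2.example.invalid/beacon\x02"
    wide = "powershell.exe -NoProfile".encode("utf-16-le")
    return header + coff + b"\x00" * 8 + narrow + b"\x00\x00" + wide + b"\x00\x00"


if __name__ == "__main__":
    for key, value in triage(build_sample()).items():
        print(key, value)
```

The wide-string hit is the one an ASCII-only pass over the same bytes would not report.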
Countermeasures
You reduce malware risk with layered defenses.
- EDR and antivirus detect and block known and suspicious code.
- Application whitelisting allows only approved programs to run.
- Sandboxing isolates untrusted files before they reach users.
- Patching closes the flaws worms and Trojans exploit.
Keep backups offline, because offline copies survive a ransomware event.
Next Steps
Capture traffic that malware and attackers generate in Sniffing. Revisit how attackers gain the foothold in System Hacking. Return to the Certified Ethical Hacker (CEH v13) Course.


