Malware Static Analysis

Malware analysts must develop the skills needed to carry out each step of an investigation. Malware authors innovate constantly, and we, as future malware analysts, must keep pace with them. Following a defined procedure and analyzing in stages simplifies the analyst's work, especially when an incident inside their organization demands a fast response.

Static analysis is a type of analysis that doesn't require the sample to be executed. It is done by inspecting the PE header, the resource section, hash values, and similar artifacts to extract as much information as possible from the sample being analyzed.

Static analysis is typically performed to check whether the sample is packed, to determine the sample's file type, and to read its timestamps so it can be correlated with other analyzed samples. Static analysis can also help the analyst prepare the environment if the sample needs further analysis. Sometimes, however, static analysis alone isn't enough to understand the inner workings of the sample.
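The checks listed above (hashing the file, confirming the file type, reading the compile timestamp from the PE header, and estimating packing from section entropy) as an added Python example; this is not code from the original post. The PE built by `build_sample_pe` is a constructed header-only skeleton for demonstration, not a real program, and the entropy threshold of 7.0 is an assumed heuristic.

```python
import hashlib
import math
import struct
from datetime import datetime, timezone

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; packed or encrypted data approaches 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def static_triage(data: bytes) -> dict:
    """Hash the sample, confirm the PE magic, read the compile timestamp and section table."""
    info = {"sha256": hashlib.sha256(data).hexdigest(), "is_pe": False}
    if len(data) < 0x40 or data[:2] != b"MZ":
        return info
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        return info
    info["is_pe"] = True
    # COFF header after the signature: Machine, NumberOfSections, TimeDateStamp, ..., SizeOfOptionalHeader
    nsections, timestamp = struct.unpack_from("<HI", data, pe_off + 6)
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    info["compile_time"] = datetime.fromtimestamp(timestamp, timezone.utc).isoformat()
    sections = []
    sec_off = pe_off + 24 + opt_size
    for i in range(nsections):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, sec_off + i * 40)
        body = data[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "entropy": round(entropy(body), 2)})
    info["sections"] = sections
    # Assumed heuristic: near-random section bytes (entropy > 7.0) usually mean packed or encrypted code
    info["likely_packed"] = any(s["entropy"] > 7.0 for s in sections)
    return info

def build_sample_pe(section_body: bytes, timestamp: int = 1_600_000_000) -> bytes:
    """Constructed minimal PE32 skeleton (not a runnable program) with one .text section."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    opt = b"\0" * 0xE0                                           # empty PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, len(opt), 0x0102)
    raw_ptr = 0x40 + 4 + 20 + len(opt) + 40                      # data follows the section header
    sec = struct.pack("<8sIIIIIIHHI", b".text", len(section_body), 0x1000,
                      len(section_body), raw_ptr, 0, 0, 0, 0, 0x60000020)
    return dos + b"PE\0\0" + coff + opt + sec + section_body
```

Run `static_triage(open("sample.bin", "rb").read())` on a real file to get the same dictionary; the sha256 is what you would pivot on when correlating with other samples.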

Even though this type of analysis doesn't require the sample to be executed, these steps should still be performed inside an isolated environment. (You won't enjoy explaining what happened when you accidentally execute the sample on your own machine.)

BinText

TrID

strings

CFF Explorer

PEStudio

PEiD