Analyzing
In static analysis, we look for information about the executable that can give us a glimpse of its functionality and origin.
What information are we interested in?
Compiler Stamp - When and where the malware was compiled.
Subsystem - What subsystem is being used?
Sections - Is the executable packed, and are there any inconsistent permissions?
Libraries & Imports - What libraries and imports are being used, and what information do they give us about the functionality of the malware.
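The first three checks above (compiler stamp, subsystem, section permissions and packing) read straight from the PE headers. The following is an added Python example, not part of the original page; it leaves out imports, which need the import table walked. The function names and the sample bytes are constructed for illustration.

```python
import math, struct
from collections import Counter
from datetime import datetime, timezone

SUBSYSTEMS = {1: "NATIVE", 2: "WINDOWS_GUI", 3: "WINDOWS_CUI"}
MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_* section flags

def entropy(data):
    """Shannon entropy in bits per byte; values near 8 suggest packed or encrypted data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def triage(pe):
    """Parse the PE headers and return compile time, subsystem and per-section findings."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]           # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsect, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, nt + 4)
    opt = nt + 24                                        # start of optional header
    subsystem = struct.unpack_from("<H", pe, opt + 68)[0]  # same offset in PE32 and PE32+
    sections = []
    for i in range(nsect):
        name, vsize, _, rsize, rptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", pe, opt + opt_size + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("latin-1"),
            "entropy": round(entropy(pe[rptr:rptr + rsize]), 2),
            "write_exec": bool(flags & MEM_WRITE and flags & MEM_EXECUTE),
            "virtual_size": vsize, "raw_size": rsize,
        })
    return {"compiled": datetime.fromtimestamp(stamp, timezone.utc).isoformat(),
            "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)), "sections": sections}

def build_sample():
    """Constructed sample: header-only PE32 image with one writable+executable section."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1600000000, 0, 0, 224, 0x102)
    optional = bytearray(224)
    struct.pack_into("<H", optional, 0, 0x10B)   # PE32 magic
    struct.pack_into("<H", optional, 68, 3)      # console subsystem
    sect = struct.pack("<8sIIIIIIHHI", b"UPX0", 0x1000, 0x1000, 256, 512, 0, 0, 0, 0, 0xE0000020)
    headers = dos + b"PE\0\0" + coff + bytes(optional) + sect
    return headers.ljust(512, b"\0") + bytes(range(256))  # raw data with maximal entropy

if __name__ == "__main__":
    print(triage(build_sample()))
```

The compile timestamp is set by the linker and can be forged, so treat it as a lead to corroborate rather than a fact.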
Tools
Pestudio