
Analyzing

In static analysis, we are looking for information about the executable that can give us a glimpse of its functionality and origin.

What information are we interested in?

  1. Compiler Stamp - When and where the malware was compiled.

  2. Subsystem - What subsystem is being used?

  3. Sections - Is the executable packed, and are there any inconsistent permissions?

  4. Libraries & Imports - What libraries and imports are being used, and what information do they give us about the functionality of the malware?
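
The first three items can be read directly from fields in the PE header. The following is an added example, not part of the original course material: it parses a constructed minimal PE32 header and flags sections that are both writable and executable. The names `parse_pe_header` and `build_sample` and all sample values are assumptions for illustration; import table parsing is left out.

```python
import struct
from datetime import datetime, timezone

SUBSYSTEMS = {1: "NATIVE", 2: "WINDOWS_GUI", 3: "WINDOWS_CUI"}
MEM_EXECUTE, MEM_READ, MEM_WRITE = 0x20000000, 0x40000000, 0x80000000

def parse_pe_header(data: bytes) -> dict:
    """Return compile timestamp, subsystem and section permissions of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # The 20-byte COFF file header follows the 4-byte PE signature.
    _machine, nsect, stamp, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    (subsystem,) = struct.unpack_from("<H", data, opt_off + 68)  # same offset in PE32 and PE32+
    sections = []
    for i in range(nsect):
        off = opt_off + opt_size + 40 * i                        # 40-byte section headers
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _va, rawsize = struct.unpack_from("<III", data, off + 8)
        (flags,) = struct.unpack_from("<I", data, off + 36)
        perms = "".join(c if flags & bit else "-" for c, bit in (("r", MEM_READ), ("w", MEM_WRITE), ("x", MEM_EXECUTE)))
        sections.append({"name": name, "perms": perms, "virtual_size": vsize, "raw_size": rawsize,
                         "writable_and_executable": perms[1:] == "wx"})
    return {"compiled": datetime.fromtimestamp(stamp, timezone.utc).isoformat(),
            "subsystem": SUBSYSTEMS.get(subsystem, f"UNKNOWN({subsystem})"),
            "sections": sections}

def build_sample() -> bytes:
    """Constructed minimal PE32 header (not a real sample): .text r-x, UPX0 rwx."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 1600000000, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)    # PE32 magic
    struct.pack_into("<H", opt, 68, 3)       # console subsystem
    def sect(name, vsize, raw, flags):
        return name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", vsize, 0x1000, raw, 0x400, 0, 0, 0, 0, flags)
    return (dos + b"PE\0\0" + coff + bytes(opt)
            + sect(b".text", 0x1000, 0x1000, 0x60000020)
            + sect(b"UPX0", 0x8000, 0, 0xE0000080))

if __name__ == "__main__":
    print(parse_pe_header(build_sample()))
```

A section with a raw size of 0, a large virtual size and `rwx` permissions, as in the constructed `UPX0` entry, is the kind of inconsistency that suggests a packed executable.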

Tools

  • Pestudio


Last updated 1 year ago