Static Analysis
Static analysis is the process of examining a malware sample (or any binary) without executing it.
The objective is to extract as much useful information as possible from the sample: enough to tell what type of malware it is and what it is capable of. This information guides the later stages of analysis (dynamic analysis, disassembly, debugging) and lets us spend that effort efficiently, for example by knowing in advance which strings, API calls, or sections to look at first.
Analysis Flow
Identifying the file type
Determine the target OS, the CPU architecture (for example x86 vs. x64), and the file format (EXE, DLL, driver, ELF, script). Take the file type from the magic bytes and headers, not from the extension, which is trivially renamed.
Identifying the malware
Generating a cryptographic hash (MD5, SHA-1, SHA-256) gives the sample a unique identifier. Search the hash in public sandboxes and threat-intelligence sources to see whether anyone has already analyzed it. Keep in mind that a hash identifies only this exact byte sequence: changing a single byte produces a different hash, so a recompiled or repacked variant of the same malware will not match.
Strings
Strings (printable ASCII and UTF-16 runs embedded in the file) give a glimpse of what the malware can do: URLs, IP addresses, file paths, registry keys, imported API names, and error messages all tend to show up as strings. A sample with almost no meaningful strings is often packed or obfuscated.
Packing & Obfuscation
Obfuscation and packing are techniques used to hinder detection and analysis. A packer compresses or encrypts the real code and unpacks it in memory at runtime, so the file on disk shows few strings, few imports, high-entropy sections, and sometimes telltale section names (for example UPX). Unpacking or deobfuscating the sample reveals the hidden strings, imports, and code.
PE headers
The PE (Portable Executable) header reveals a lot about the malware's functionality: the compile timestamp, the target machine, whether the file is an EXE or a DLL, the section table (section names, virtual size vs. raw size, and entropy all hint at packing), and the import table, which lists the Windows API functions the sample calls and is one of the best static indicators of what it can do.