What Is Static Analysis?
Static analysis is the process of analyzing malware/binary without executing it.
- The objective is to extract useful information from the malware, this will help us get an idea of the type of malware and what the malware can do. This information is useful for future analysis as it will allows us to efficiently analyze the sample going forward.
Static analysis flow – How to approach a sample
- Identifying the file type – Target OS, architecture and format (dll, exe)
- Identifying the malware – Generating a hash of the malware, this will give the malware a unique identifier. Using the hash to see if anyone else has analyzed the malware.
- Strings – Strings give us an idea/glimpse of what the malware can do.
- Packing & Obfuscation – Obfuscation & packing are techniques used to prevent detection. Unpacking or de-obfuscating can reveal additional information.
- PE headers – The PE header reveals a lot of information on the malware functionality.