HackerSploit Forum - Community Of Hackers & Security Professionals

Malware Analysis – Analyzing The PE Header

Malware Analysis

HackerSploit September 13, 2019, 7:04am 1

Analyzing The PE Header

The PE header contains the information the OS requires to run the executable.
In static analysis, we are looking for information about the executable, that can give us a glimpse of it’s functionality and origin.

What information are we interested in?

Compiler Stamp – When and where the malware was compiled.
Subsystem – What subsystem is being used?
Sections – Is the executable packed and are there any inconsistent permissions.
Libraries & Imports – What libraries and imports are being used, and what information do they give us about the functionality of the malware.

Tools We Will Be Using

Pestudio – The most efficient tool for static analysis.