Malware Analysis – Analyzing The PE Header

Video Link

Analyzing The PE Header

  • The PE header contains the information the OS loader needs to map and run the executable.
  • In static analysis, we look for information about the executable that gives us a glimpse of its functionality and origin without running it.

What information are we interested in?

  1. Compiler Stamp – When (and, by inference, where) the malware was compiled.
  2. Subsystem – Which subsystem is being used (GUI, console, driver)?
  3. Sections – Is the executable packed, and are there any inconsistent section permissions?
  4. Libraries & Imports – Which libraries and imports are used, and what do they tell us about the functionality of the malware?
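The first three points can be checked directly from the header fields, which is what PEStudio does under the hood. The script below is an added example (not from the original page or the PEStudio project) that walks the DOS header, COFF header, optional header and section table to report the compile timestamp, the subsystem and the permissions of each section, and flags two packing signs: sections that are both writable and executable, and sections with no raw data but a large virtual size. The sample PE bytes are constructed in memory (headers only, no code), the section names and flag heuristics are illustrative, and imports are not parsed here.

```python
"""Minimal PE header triage: compile timestamp, subsystem, section permissions."""
import struct
from datetime import datetime, timezone

# Subsystem values from the PE/COFF specification (IMAGE_SUBSYSTEM_*)
SUBSYSTEMS = {
    1: "NATIVE", 2: "WINDOWS_GUI", 3: "WINDOWS_CUI", 7: "POSIX_CUI",
    9: "WINDOWS_CE_GUI", 10: "EFI_APPLICATION", 12: "EFI_RUNTIME_DRIVER",
}
# Section characteristic flags (IMAGE_SCN_*)
SCN_CNT_CODE = 0x00000020
SCN_MEM_EXECUTE = 0x20000000
SCN_MEM_READ = 0x40000000
SCN_MEM_WRITE = 0x80000000


def parse_pe(data: bytes) -> dict:
    """Parse DOS header, PE signature, COFF header, optional header and section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # Subsystem sits at offset 68 of the optional header in both PE32 and PE32+
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections, findings = [], []
    for i in range(nsec):
        off = opt + opt_size + 40 * i            # each section header is 40 bytes
        raw_name, vsize, vaddr, raw_size, *_, flags = struct.unpack_from("<8sIIIIIIHHI", data, off)
        name = raw_name.rstrip(b"\0").decode("ascii", "replace")
        perms = "".join(c for c, f in (("R", SCN_MEM_READ), ("W", SCN_MEM_WRITE),
                                       ("X", SCN_MEM_EXECUTE)) if flags & f)
        sections.append({"name": name, "vaddr": vaddr, "vsize": vsize,
                         "raw_size": raw_size, "perms": perms})
        # Heuristics (assumed, illustrative): W+X is unusual for compiled code;
        # a section with no raw data but a large virtual size is the usual
        # landing zone that an unpacking stub fills at run time.
        if flags & SCN_MEM_WRITE and flags & SCN_MEM_EXECUTE:
            findings.append(f"{name}: writable and executable section")
        if raw_size == 0 and vsize > 0:
            findings.append(f"{name}: no raw data but {vsize:#x} bytes virtual size (packer-style)")
    return {
        "machine": f"{machine:#06x}",
        "pe_format": "PE32+" if magic == 0x20B else "PE32",
        "compile_time": datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat(),
        "subsystem": SUBSYSTEMS.get(subsystem, f"UNKNOWN({subsystem})"),
        "sections": sections,
        "findings": findings,
    }


def build_sample_pe(stamp: int, subsystem: int, sections: list) -> bytes:
    """Constructed PE32 headers (no real code) so the example runs offline."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)             # e_lfanew -> PE signature
    opt = bytearray(224)                               # PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)              # Magic = PE32
    struct.pack_into("<H", opt, 68, subsystem)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), stamp, 0, 0, len(opt), 0x0102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode(), vs, va, rs, 0, 0, 0, 0, 0, fl)
        for n, vs, va, rs, fl in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


def triage_sample() -> dict:
    """Run the parser over a constructed UPX-like section layout (timestamp 2020-09-13)."""
    sample = build_sample_pe(1600000000, 2, [
        (".text", 0x1000, 0x1000, 0x1000, SCN_CNT_CODE | SCN_MEM_EXECUTE | SCN_MEM_READ),
        ("UPX0", 0x20000, 0x2000, 0, SCN_MEM_EXECUTE | SCN_MEM_READ | SCN_MEM_WRITE),
        ("UPX1", 0x4000, 0x22000, 0x4000, SCN_MEM_EXECUTE | SCN_MEM_READ | SCN_MEM_WRITE),
    ])
    return parse_pe(sample)


if __name__ == "__main__":
    report = triage_sample()
    print(report["compile_time"], report["subsystem"], report["pe_format"])
    for s in report["sections"]:
        print(f"  {s['name']:<8} {s['perms']:<3} vsize={s['vsize']:#x} raw={s['raw_size']:#x}")
    for f in report["findings"]:
        print("  !", f)
```

Point `parse_pe` at the bytes of a real file to apply the same checks to a sample; the timestamp can be forged by the author, so treat it as a clue to corroborate with other evidence rather than a fact.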

Tools We Will Be Using

  • PEStudio – A very efficient tool for static analysis of PE files; it reports the compile stamp, subsystem, sections and imports discussed above.