# Malware Analysis
The tools in this article are primarily geared toward analysis of Windows malware, but many of the concepts should apply to malware analysis in general.
### Contents

* [Triage](#triage)
* [Static analysis](#static-analysis)
* [Dynamic analysis](#dynamic-analysis)

# Triage
There is neither enough time nor enough malware analysts to perform an in-depth analysis of every unknown software sample. For this reason, the first job of many malware analysis teams is triage: determining the basic functionality of the software so that it can be decided whether the software is malicious.
When triaging a sample, the specific indicators depend on the language the program is written in, but certain behavior patterns and artifacts raise suspicion or warrant further investigation regardless of language.
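As an added illustration of what a first triage pass looks like in practice (this is example code written for this page, not a tool from the article), the script below runs a few cheap static checks over a file image: cryptographic hashes for lookups and deduplication, Shannon entropy as a packing or encryption hint, printable-string extraction, and a small list of string indicators that commonly prompt a closer look. The sample bytes are constructed for the example and are not a real executable, and the indicator list is an assumption made for the example rather than a list the article gives.

```python
"""Minimal static triage pass over a file image (example, not article code)."""
import hashlib
import math
import re

# Constructed sample: a fake MZ header followed by a few printable strings and
# a run of sequential bytes. It is NOT a real executable or a real sample.
SAMPLE_BYTES = (
    b"MZ" + b"\x00" * 62
    + b"This program cannot be run in DOS mode.\r\n"
    + b"kernel32.dll\x00CreateRemoteThread\x00VirtualAllocEx\x00"
    + b"http://example.invalid/update.bin\x00"
    + bytes(range(256)) * 2
)

# Assumed indicator list for the example: strings whose presence usually
# justifies deeper static or dynamic analysis. Tune to your own environment.
INDICATOR_STRINGS = {
    "CreateRemoteThread": "process injection primitive",
    "VirtualAllocEx": "remote memory allocation",
    "WriteProcessMemory": "remote memory write",
    "IsDebuggerPresent": "anti-debugging check",
    "URLDownloadToFile": "downloads a file from a URL",
}

URL_RE = re.compile(rb"https?://[\x21-\x7e]+")


def hashes(data: bytes) -> dict:
    """Return MD5, SHA-1 and SHA-256 of the sample for lookups and dedup."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def shannon_entropy(data: bytes) -> float:
    """Bits per byte in 0.0..8.0; values near 8 suggest packing or encryption."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def is_mz(data: bytes) -> bool:
    """True if the file image starts with the DOS 'MZ' signature."""
    return data[:2] == b"MZ"


def printable_strings(data: bytes, min_len: int = 6) -> list:
    """Extract runs of printable ASCII of at least min_len bytes."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def triage(data: bytes) -> dict:
    """Run the first-pass checks and collect what an analyst would look at."""
    strings = printable_strings(data)
    hits = {}
    for s in strings:
        for name, why in INDICATOR_STRINGS.items():
            if name in s:
                hits[name] = why
    urls = [m.group().decode("ascii") for m in URL_RE.finditer(data)]
    entropy = shannon_entropy(data)
    return {
        "hashes": hashes(data),
        "is_mz": is_mz(data),
        "size": len(data),
        "entropy": round(entropy, 2),
        "high_entropy": entropy > 7.0,
        "strings": strings,
        "urls": urls,
        "indicators": hits,
        # Anything that hit an indicator, carried a URL, or looks packed
        # goes to the "needs a closer look" pile; the rest can be deprioritised.
        "needs_closer_look": bool(hits or urls) or entropy > 7.0,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_BYTES), indent=2))
```

The point of the script is the decision at the end, not the individual checks: a triage pass sorts samples into "deprioritise" and "analyse further" using signals that cost almost nothing to compute, so that analyst time goes to the samples that warrant static or dynamic analysis.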