What is malware analysis?
What is malware analysis?
Malware analysis is the study or process of determining the functionality, origin and potential impact of a given malware sample such as a virus, worm, trojan horse, rootkit, or backdoor. Malware may include software that gathers user information without permission.
What is the difference between malware dynamic analysis vs malware static analysis?
Static analysis examines the malware binary file itself, starting with its signature, a unique identifier for that file, without running it. Dynamic analysis runs the malware in a sandbox environment and observes its behaviour, so that it cannot affect other systems.
What are the types of malware analysis?
Types of Malware Analysis
- Static Analysis. Basic static analysis does not require the code to actually be run.
- Dynamic Analysis.
- Hybrid Analysis (includes both of the techniques above)
- Malware Detection.
- Threat Alerts and Triage.
- Incident Response.
- Threat Hunting.
- Malware Research.
What are the four stages of malware analysis?
The Four Stages of Malware Analysis
- Stage One: Fully Automated Analysis.
- Stage Two: Static Properties Analysis.
- Stage Three: Interactive Behavior Analysis.
- Stage Four: Manual Code Reversing.
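The static analysis described above, and Stage Two (static properties analysis) in particular, can be shown in code: the following added example (not part of the original page) hashes a sample, extracts its printable strings, checks for a PE header, and flags a few properties an analyst would look at first. The sample bytes, the `example.invalid` URL, the registry path and the list of API names are constructed for illustration; the blob is not a real executable.

```python
import hashlib
import re
import struct

# Constructed, non-functional stand-in for a Windows executable: a DOS header whose
# e_lfanew points at a "PE\0\0" signature (machine 0x14C), followed by a few strings.
SAMPLE = (
    b"MZ" + b"\x90" * 58 + struct.pack("<I", 0x40)            # 64-byte DOS header
    + b"PE\x00\x00" + struct.pack("<H", 0x14C) + b"\x00" * 18  # PE signature + COFF header
    + b"\x00" * 16
    + b"http://example.invalid/update\x00"                     # constructed URL
    + b"CreateRemoteThread\x00" + b"\x01\x02\x03"
    + b"SOFTWARE\\Example\\Run\x00"                            # constructed registry path
)

# API names commonly reviewed during static triage (assumed list, not exhaustive).
SUSPICIOUS_APIS = {"CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx"}


def file_hashes(data: bytes) -> dict:
    """Hashes identify the sample uniquely without executing it."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def extract_strings(data: bytes, min_len: int = 6) -> list:
    """Runs of printable ASCII: the classic first look at embedded URLs, paths and API names."""
    return [m.group().decode("ascii") for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def pe_header_info(data: bytes) -> dict:
    """Minimal PE check: 'MZ' stub, e_lfanew at offset 0x3C, 'PE\\0\\0' signature, machine field."""
    info = {"is_pe": False, "machine": None}
    if len(data) < 0x40 or data[:2] != b"MZ":
        return info
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return info
    info["is_pe"] = True
    info["machine"] = struct.unpack_from("<H", data, e_lfanew + 4)[0]
    return info


def static_triage(data: bytes) -> dict:
    """Combine the properties above into one report; nothing here executes the sample."""
    strings = extract_strings(data)
    return {
        "hashes": file_hashes(data),
        "pe": pe_header_info(data),
        "urls": [s for s in strings if s.lower().startswith(("http://", "https://"))],
        "registry_paths": [s for s in strings if s.upper().startswith(("SOFTWARE\\", "HKEY_"))],
        "suspicious_apis": sorted(s for s in strings if s in SUSPICIOUS_APIS),
    }
```

The report is the kind of input an analyst uses to decide whether a sample deserves interactive behaviour analysis or manual code reversing.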
What is the difference between reverse engineering and reengineering?
Reverse engineering attempts to discover how something works, while re-engineering seeks to improve a current design by investigating particular aspects of it.
What is the purpose of reverse engineering malware?
Reverse engineering malware involves disassembling (and sometimes decompiling) a software program. Through this process, binary instructions are converted to code mnemonics (or higher-level constructs) so that engineers can look at what the program does and which systems it affects.
What are the two most common phases of malware analysis?
When discussing malware analysis, I’ve always referred to two main phases of the process: behavioral analysis and code analysis.