search

Basic Static Malware Analysis

hashtag
1. Identify File type

The file command in Kali Linux is a utility used to determine the type of a file by examining its content and providing information about its format. It helps identify the file's data type, such as whether it is a text file, an image, an executable binary, or an archive

file myfile.txt

hashtag
Windows Utilities

Get the first few hex bytes using following software and then match it to check the file type from the reference sites.

Hxd Hex Editor

LogoHxD - Freeware Hex Editor and Disk Editor | mh-nexusmh-nexus.dechevron-right

Exeinfo PE

http://www.exeinfo.byethost18.com/?i=1www.exeinfo.byethost18.comchevron-right

PE Studio

winitor.comwww.winitor.comchevron-right
A very good tool to perform most of the actions

CFF explorer

LogoExplorer SuiteNTCorechevron-right

hashtag
Reference for identifying file types

LogoGCK File Signatures, Powered by SEARCHwww.garykessler.netchevron-right

hashtag
2. Identify File Signature

LogoVirusTotalVirusTotalchevron-right
LogoFree Automated Malware Analysis Service - powered by Falcon Sandboxwww.hybrid-analysis.comchevron-right

hashtag
3. Obfuscation/ Packing

To hide the code from antiviruses and Analysis

Entropy is the main indication of packing. It involves mostly measuring bits.

measured from 1-8

hashtag
4. Strings

hashtag
Tools

  • PE Studio (let you organize by size and hints)

  • strings

hashtag
Other Useful tools

olevba. Analysis Macros in office documents.

LogoolevbaGitHubchevron-right

hashtag
Sandboxes

LogoInteractive Online Malware Analysis Sandbox - ANY.RUNapp.any.runchevron-right
online very good

PreviousMalware AnalysisNextBoxes/ Machines

Last updated