Basic Static Malware Analysis

1. Identify File type

The file command in Kali Linux is a utility that determines the type of a file by examining its content and reporting information about its format. It identifies the file's data type, such as whether it is a text file, an image, an executable binary, or an archive.

file myfile.txt

Windows Utilities

Get the first few hex bytes using the following software, then match them against the reference sites to identify the file type.

HxD Hex Editor

Exeinfo PE

PE Studio

CFF explorer

Reference for identifying file types

2. Identify File Signature

3. Obfuscation/ Packing

Used to hide code from antivirus products and from analysis.

Entropy is the main indicator of packing; it measures how random the file's bytes are, and packed or encrypted code scores high.
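The two checks above (matching the leading hex bytes against known signatures, and measuring entropy to spot packing) in one small script. This is an added example, not code from the original notes; the signature table is a deliberately short, assumed list, and the 7.0 bits-per-byte packing threshold is an assumed heuristic.

```python
import math
from collections import Counter

# Added example (not from the original notes). The signature table and the
# 7.0 threshold are assumptions: a tiny magic-number list and a heuristic cutoff.
MAGIC_SIGNATURES = [
    (b"MZ", "DOS/PE executable (MZ header)"),
    (b"\x7fELF", "ELF executable"),
    (b"PK\x03\x04", "ZIP archive (also OOXML, JAR, APK)"),
    (b"%PDF-", "PDF document"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound file (legacy Office)"),
]
PACKED_THRESHOLD = 7.0  # bits per byte; compressed resources also score high

def identify_magic(data: bytes) -> str:
    """Match the leading bytes against the signature table."""
    for magic, description in MAGIC_SIGNATURES:
        if data.startswith(magic):
            return description
    return "unknown"

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) up to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def chunk_entropies(data: bytes, chunk_size: int = 256) -> list:
    """Entropy per fixed-size chunk, to locate the high-entropy region."""
    return [shannon_entropy(data[i:i + chunk_size])
            for i in range(0, len(data), chunk_size)]

def triage(data: bytes) -> dict:
    """One report combining file typing and the packing heuristic."""
    overall = shannon_entropy(data)
    return {
        "type": identify_magic(data),
        "entropy": round(overall, 3),
        "max_chunk_entropy": round(max(chunk_entropies(data), default=0.0), 3),
        "likely_packed": overall >= PACKED_THRESHOLD,
    }

# Constructed samples: a zero-padded MZ stub (low entropy) and an MZ stub
# followed by a uniform 0..255 byte sweep (entropy close to 8.0).
LOW_SAMPLE = b"MZ" + b"\x00" * 1000
HIGH_SAMPLE = b"MZ" + bytes(range(256)) * 16
```

On a real file, call triage(open(path, "rb").read()) and compare the per-chunk values to see where the high-entropy region sits.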

4. Strings

Tools

  • PE Studio (lets you sort strings by size and by hints)

  • strings

Other Useful tools

olevba: analyzes macros in Office documents.

Sandboxes
