Basic Static Malware Analysis
1. Identify File type
The file command in Kali Linux determines the type of a file by examining its content and reports information about its format. It tells you what kind of data the file holds, such as a text file, an image, an executable binary, or an archive.
Windows Utilities
Read the first few bytes of the file in hex with one of the following tools, then match them against the file-signature reference sites to determine the file type.
HxD Hex Editor
Exeinfo PE
PE Studio
CFF explorer
Reference for identifying file types
2. Identify File Signature
3. Obfuscation / Packing
Used to hide the code from antivirus products and from analysis.
High entropy is the main indication of packing; entropy is a measure of how random the file's bytes are.
4. Strings
Tools
PE Studio (lets you sort strings by size and shows hints)
strings
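A small triage script that ties steps 1 to 4 together, added here as an example and not part of the original notes: it matches the first bytes against a constructed, partial signature table, computes Shannon entropy as the packing indicator (the 7.0 bits/byte threshold is an assumed rule of thumb), and extracts ASCII and UTF-16LE strings. The sample bytes are constructed for the example.

```python
import math
import re
from collections import Counter

# Partial magic-byte table (constructed for this example; use a full reference in practice)
SIGNATURES = [
    (b"MZ", "Windows PE (MZ/DOS header)"),
    (b"\x7fELF", "ELF executable"),
    (b"PK\x03\x04", "ZIP archive (also OOXML Office documents)"),
    (b"%PDF", "PDF document"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound file (legacy Office)"),
]

def identify(data: bytes) -> str:
    """Match the first bytes of the file against known file signatures."""
    for magic, name in SIGNATURES:
        if data.startswith(magic):
            return name
    return "unknown"

def shannon_entropy(data: bytes) -> float:
    """Bits per byte, from 0.0 (constant data) to 8.0 (uniformly random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_packed(data: bytes, threshold: float = 7.0) -> bool:
    """Assumed rule of thumb: packed or encrypted content sits close to 8 bits/byte."""
    return shannon_entropy(data) >= threshold

def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Printable ASCII runs plus UTF-16LE runs (common in Windows binaries)."""
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    return [s.decode("ascii") for s in ascii_runs] + [s.decode("utf-16le") for s in wide_runs]

def triage(data: bytes) -> dict:
    return {"type": identify(data), "entropy": round(shannon_entropy(data), 2),
            "packed": looks_packed(data), "strings": extract_strings(data)}

# Constructed sample: MZ header, DOS stub message, padding, and a wide-string import name
SAMPLE = (b"MZ" + b"\x00" * 62 + b"This program cannot be run in DOS mode"
          + b"\x00" * 16 + "kernel32.dll".encode("utf-16le") + b"\x00" * 32)

if __name__ == "__main__":
    print(triage(SAMPLE))
```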
Other Useful tools
olevba: analyzes macros in Office documents.
Sandboxes