What is Malware Analysis?
Malware analysis is the process of understanding how malware behaves by examining its code and applying methodologies such as static, dynamic, and hybrid analysis.
Types of Malware Analysis:
Static Malware Analysis
Static malware analysis involves inspecting the malware’s code and structure without running it. This method uses techniques like disassembly, decompilation, and signature-based detection to understand the malware’s components and known patterns. It is quick and safe but may not reveal runtime behavior or obfuscated code.
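The static techniques described above, as an added example that is not part of the original post: a small Python triage that reads a sample as bytes without ever executing it, then hashes it, extracts printable strings and matches byte signatures. The signature names and patterns, both sample byte strings and the 7.2 entropy threshold are constructed assumptions; the second sample shows the limitation noted above, since a single-byte XOR hides the strings and signatures while leaving entropy unchanged.

```python
import hashlib
import math
import re

# Constructed signature set (hypothetical names and patterns, not real indicators).
SIGNATURES = {
    "demo_dropper_marker": b"DEMO-DROPPER-v1",
    "demo_c2_path": b"/gate.php?id=",
}
PACKED_THRESHOLD = 7.2  # assumed heuristic: bits per byte above this suggest packing


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8.0 suggest packed or encrypted content."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def extract_strings(data: bytes, min_len: int = 6) -> list[str]:
    """Printable ASCII runs, the same idea as the Unix `strings` tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def triage(data: bytes) -> dict:
    """Static triage: the sample is only read as bytes, never executed."""
    entropy = shannon_entropy(data)
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "entropy": round(entropy, 2),
        "likely_packed": entropy > PACKED_THRESHOLD,
        "signature_hits": sorted(n for n, p in SIGNATURES.items() if p in data),
        "strings": extract_strings(data),
    }


# Constructed samples: a plain one, and the same bytes XOR-obfuscated with one key byte.
PLAIN = b"MZ\x90\x00" + b"DEMO-DROPPER-v1\x00" + b"GET /gate.php?id=42\x00" + b"\x00" * 64
OBFUSCATED = bytes(b ^ 0xA7 for b in PLAIN)

if __name__ == "__main__":
    for label, sample in (("plain", PLAIN), ("obfuscated", OBFUSCATED)):
        print(label, triage(sample))
```

The obfuscated sample produces a different hash, no strings and no signature hits, yet the same low entropy, which is why such samples usually need dynamic or hybrid analysis.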
Dynamic Malware Analysis
Dynamic malware analysis runs the malware in a controlled environment to monitor its real-time behavior. Techniques include sandboxing, behavior monitoring, and debugging to observe system changes and network activity during execution. This method provides detailed insights into the malware’s actions but risks compromising the analysis environment if it is not properly isolated.
Hybrid Malware Analysis
Hybrid malware analysis combines static and dynamic methods to gain a comprehensive view of the malware. By integrating code examination with real-time behavior observation, this approach addresses the limitations of each individual method. It provides a thorough understanding of both the malware’s structure and its runtime actions, though it can be complex and resource-intensive.
Happy Learning !!