Like a Pill: What is Malware Analysis? Static vs Dynamic Analysis
In this article, we will talk about static and dynamic analysis methods used in malware analysis.
What is Malware?
In general, malware is a type of software that sometimes renders the functions of an electronic device (computer, phone, refrigerator, etc.) unusable, sometimes encrypts important files (ransomware), and sometimes causes unwanted advertisements to appear or secretly mines bitcoin.
Before the term malware was coined by Yisrael Radai in 1990, such software was called a computer virus.
Examples of malware include CryptoLocker, WannaCry and Trojan Horse.
What is Malware Analysis?
Malware analysis is a discipline that draws on fields such as reverse engineering to examine malware with different methods, reveal its working principles and guide the precautions to be taken against it.
Malware analysis is basically divided into two areas.
- Static Analysis
- Dynamic Analysis
What is Static Analysis?
Static analysis is the examination of malware before it is run. It includes steps such as observing its instructions in various online tools or by disassembling it, and examining the libraries, functions and strings it contains.
While performing static analysis, information such as the executable's header fields and its import and export tables is also examined.
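The static checks described above (header fields, section table, embedded strings), as an added Python example that is not from the original article. The sample bytes, the function names and the zero-raw-size check are constructed assumptions, and import and export table parsing is left out to keep the block short.

```python
import re
import struct

def build_sample() -> bytes:
    """Constructed, non-executable PE-shaped buffer (sample input only)."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64)  # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x5F000000, 0, 0, 0, 0x0102)
    def section(name, vsize, raw_size):
        # 40-byte section header: name[8], vsize, vaddr, raw size, raw ptr
        return struct.pack("<8sIIII16x", name, vsize, 0x1000, raw_size, 0x200)
    body = b"\x00\x01kernel32.dll\x00\x02CreateFileA\x00http://example.invalid/c\x00"
    return (dos + b"PE\x00\x00" + coff + section(b".text", 0x300, 0x400)
            + section(b"UPX0", 0x9000, 0) + body)

def parse_pe(data: bytes) -> dict:
    """Read the DOS, COFF and section headers without executing anything."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("missing MZ signature")
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
            raise ValueError("missing PE signature")
        machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from(
            "<HHIIIHH", data, e_lfanew + 4)
        table = e_lfanew + 24 + opt_size  # section table follows optional header
        sections = []
        for i in range(nsect):
            name, vsize, _, raw_size, _ = struct.unpack_from(
                "<8sIIII", data, table + 40 * i)
            sections.append((name.rstrip(b"\x00").decode("ascii", "replace"),
                             vsize, raw_size))
    except struct.error as exc:  # truncated or malformed file
        raise ValueError(f"truncated header: {exc}") from exc
    return {"machine": machine, "timestamp": stamp, "sections": sections}

def ascii_strings(data: bytes, min_len: int = 5) -> list:
    """Printable ASCII runs, like the `strings` utility."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def empty_on_disk(sections: list) -> list:
    """Sections with no raw data but a virtual size: filled in only at run time."""
    return [name for name, vsize, raw_size in sections if raw_size == 0 and vsize > 0]

if __name__ == "__main__":
    sample = build_sample()
    info = parse_pe(sample)
    print(hex(info["machine"]), info["sections"], empty_on_disk(info["sections"]))
    print(ascii_strings(sample))
```

A section that is empty on disk but has a virtual size is a hint that the file may be packed, in which case the strings and imports visible statically are incomplete.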
What is Dynamic Analysis?
Dynamic analysis is the analysis of malware by running it in a safe environment and examining its behavior. The analyst examines what behaviors the malware exhibits while running under a debugger, what it affects in its environment, and its protocol requests before and after it runs.
During analysis with a debugger, breakpoints are set and the instructions are examined step by step. There is also a malware analysis Linux distribution called REMnux for this kind of analysis.