Malware Analysis
The process of examining malicious software to understand its behavior, origin, capabilities, and impact — including static analysis (without execution) and dynamic analysis (in a sandbox).
Definition
Malware analysis is the disciplined examination of malicious code to determine what it does, how it operates, and what systems it affects. It is divided into static analysis — inspecting code, strings, and structure without running the sample — and dynamic analysis — executing the sample in a controlled environment to observe runtime behavior.
Why It Matters
Understanding malware is a prerequisite to effective containment and remediation. Analysis reveals command-and-control infrastructure, persistence mechanisms, the data targeted for exfiltration, and evasion techniques. Findings directly inform detection rules, IOC extraction, and retrospective threat hunting across the environment.
How It Works
Static analysis involves file format inspection (magic bytes, headers, imports), hash computation and lookup against threat intelligence, string extraction (including UTF-16 "wide" strings common in Windows binaries), disassembly, and signature matching (e.g., YARA rules). Dynamic analysis runs the sample in an isolated sandbox and monitors system calls, network traffic, registry modifications, and file system changes. Each approach has limits: packing and obfuscation hide strings and code from static inspection, while sandbox-aware samples can detect instrumentation and change their behavior. Advanced analysis therefore combines both approaches with manual reverse engineering for complex or obfuscated samples.
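The static side of the workflow above, as an added example (not the dfir-lab.ch File Analyzer's code): identify the container by its magic bytes, hash the file, pull ASCII and UTF-16LE strings, extract network IOCs from them, and apply a few simplified YARA-style rules. The sample bytes, the rule set, and the scoring thresholds are all constructed for this example; nothing here executes the file, which is what makes a static pass safe on unknown samples.

```python
"""Static triage of a suspicious file: type, hashes, strings, IOCs, rule hits.

Added example, not the dfir-lab.ch File Analyzer's code. Nothing here executes
the sample; it only reads bytes, which is what makes static triage safe.
"""
import hashlib
import re
import struct

# Constructed stand-in for a suspicious binary: a minimal PE-shaped header
# followed by strings a real dropper might carry. Not real malware.
SAMPLE = (
    b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x80)   # e_lfanew at 0x3c -> 0x80
    + b"\x00" * (0x80 - 64)
    + b"PE\x00\x00" + b"\x00" * 20
    + b"kernel32.dll\x00VirtualAlloc\x00WriteProcessMemory\x00CreateRemoteThread\x00"
    + b"http://example.invalid/update.php\x00"
    + b"203.0.113.7\x00"
    + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00\x00"
    + "cmd.exe /c".encode("utf-16-le") + b"\x00\x00"   # UTF-16LE (wide) string
    + b"\x90" * 16
)

# Simplified YARA-style rules (assumed for this example): name -> (condition, byte patterns).
RULES = {
    "process_injection_apis": ("all", [b"VirtualAlloc", b"WriteProcessMemory", b"CreateRemoteThread"]),
    "run_key_persistence": ("any", [b"CurrentVersion\\Run", b"CurrentVersion\\RunOnce"]),
    "wide_cmd_shell": ("any", ["cmd.exe".encode("utf-16-le")]),
    "ransom_note": ("any", [b"YOUR FILES HAVE BEEN ENCRYPTED"]),
}

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def file_type(data: bytes) -> str:
    """Identify the container by magic bytes; for MZ files, follow e_lfanew to the PE signature."""
    if data[:4] == b"\x7fELF":
        return "ELF"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            return "PE"
        return "MZ (no PE signature)"
    return "unknown"


def hashes(data: bytes) -> dict:
    """Hashes for lookup against threat-intel and sandbox databases."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Printable ASCII and UTF-16LE runs, like `strings -a` plus `strings -el`."""
    ascii_runs = [m.group().decode("ascii")
                  for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]
    wide_runs = [m.group().decode("utf-16-le")
                 for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)]
    return ascii_runs + wide_runs


def extract_iocs(strings: list) -> dict:
    """Pull network indicators out of the string list."""
    urls, ips = set(), set()
    for s in strings:
        urls.update(URL_RE.findall(s))
        for ip in IPV4_RE.findall(s):
            if all(int(octet) <= 255 for octet in ip.split(".")):  # reject e.g. 999.1.1.1
                ips.add(ip)
    return {"urls": sorted(urls), "ipv4": sorted(ips)}


def match_rules(data: bytes, rules: dict = RULES) -> list:
    """Names of rules whose condition holds over the raw bytes."""
    hits = []
    for name, (condition, patterns) in rules.items():
        found = [p in data for p in patterns]
        if (condition == "all" and all(found)) or (condition == "any" and any(found)):
            hits.append(name)
    return sorted(hits)


def triage(data: bytes) -> dict:
    """Full static pass with a toy verdict: rule hits weigh 2, each network IOC weighs 1."""
    strings = extract_strings(data)
    iocs = extract_iocs(strings)
    hits = match_rules(data)
    score = 2 * len(hits) + len(iocs["urls"]) + len(iocs["ipv4"])
    verdict = "malicious" if score >= 4 else "suspicious" if score else "no static indicators"
    return {"type": file_type(data), "hashes": hashes(data), "iocs": iocs,
            "rule_hits": hits, "score": score, "verdict": verdict}


if __name__ == "__main__":
    report = triage(SAMPLE)
    for key in ("type", "iocs", "rule_hits", "score", "verdict"):
        print(f"{key}: {report[key]}")
    print("sha256:", report["hashes"]["sha256"])
```

Two details matter in practice and are easy to miss: the wide-string pass is what surfaces `cmd.exe /c`, which the plain ASCII pass never sees, and the rule conditions operate on raw bytes, so a rule for a wide string must encode its pattern as UTF-16LE. A packed sample would defeat most of this pass, which is the point at which unpacking or dynamic analysis takes over.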
DFIR Platform
File Analyzer
The File Analyzer (https://dfir-lab.ch/file-analyzer) performs static analysis of suspicious files, detecting obfuscation patterns, extracting IOCs, and returning risk verdicts without executing the file, which makes it safe to use on unknown samples.