
Introduction

  • Basic Static Analysis - Examining the file without running it (strings, imports, headers, hashes) to work out what it does
  • Basic Dynamic Analysis - Running the sample in an isolated sandbox and observing what it does (files, registry, network)
  • Advanced Static Analysis - Disassembling or decompiling the machine code into assembly or C-like pseudocode
  • Advanced Dynamic Analysis - Running the program inside a debugger, so you can control how it executes and inspect its state

A program has to go through the Windows API for almost anything it does to the system, so the API functions it imports say a lot about what it is doing (networking, registry, process injection, and so on)

Strings are a good starting point for static analysis. Is it making calls over HTTP (URLs, user agents)? Registry keys, file paths, DLL names and API function names show up here as well

Packing the file - The file's code and data are compressed (or encrypted) and a small stub program is wrapped around them; at run time the stub decompresses the original into memory and jumps to it. A packed file has few readable strings, very few imports (often just LoadLibrary and GetProcAddress, which the stub uses to resolve the rest) and high-entropy sections

If the packer is UPX, the UPX tool itself can unpack it (upx -d file.exe); other packers have to be unpacked by hand, e.g. by running to the original entry point in a debugger and dumping the process from memory
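A worked example of the basic static checks from the notes above (string extraction, sorting strings into indicators, section entropy and UPX markers). This is added here and is not code from the original notes; SAMPLE is a constructed stand-in for a binary, not a real sample, and the indicator patterns are an illustrative subset, not a complete list.

```python
import math
import re

# Constructed sample "binary": a few ASCII strings, one UTF-16LE string,
# the default UPX section names, and a high-entropy blob standing in for a
# packed section. Not a real executable.
SAMPLE = (
    b"\x00" * 16
    + b"MZ" + b"\x90" * 30
    + b"kernel32.dll\x00LoadLibraryA\x00GetProcAddress\x00"
    + b"http://example.com/update.php\x00"
    + b"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\x00\x00"
    + "C:\\Windows\\Temp\\svc.exe".encode("utf-16le") + b"\x00\x00"
    + b"UPX0\x00\x00\x00\x00" + b"UPX1\x00\x00\x00\x00"
    + bytes(range(256)) * 4  # every byte value equally often: entropy 8.0
)

# Illustrative indicator patterns (assumption: a small hand-picked set).
INDICATOR_PATTERNS = {
    "url": re.compile(r"https?://", re.IGNORECASE),
    "registry": re.compile(r"^(HKEY_|HKLM\\|HKCU\\|SOFTWARE\\)", re.IGNORECASE),
    "file_path": re.compile(r"^[A-Za-z]:\\"),
    "import": re.compile(
        r"^(LoadLibrary[AW]?|GetProcAddress|VirtualAlloc(Ex)?|WriteProcessMemory"
        r"|CreateRemoteThread|InternetOpen[AW]?|URLDownloadToFile[AW]?"
        r"|RegSetValueEx[AW]?|WinExec|ShellExecute[AW]?)$"
    ),
}


def extract_strings(data, min_len=5):
    """Printable ASCII and UTF-16LE runs of at least min_len characters,
    roughly what `strings -a` and `strings -el` would print."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16le") for m in wide_re.finditer(data)]
    return found


def classify_strings(strings):
    """Bucket extracted strings by the kind of indicator they look like."""
    hits = {name: [] for name in INDICATOR_PATTERNS}
    for s in strings:
        for name, pattern in INDICATOR_PATTERNS.items():
            if pattern.search(s):
                hits[name].append(s)
    return hits


def shannon_entropy(data):
    """Bits per byte: 0.0 for a constant run, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_markers(data):
    """Default UPX section names and the 'UPX!' header magic. A repacker can
    rename these trivially, so their absence proves nothing."""
    return [m.decode() for m in (b"UPX0", b"UPX1", b"UPX2", b"UPX!") if m in data]


def packing_report(data, window=512):
    """Whole-file entropy, the highest-entropy window (compressed or encrypted
    payloads sit near 8 bits/byte; ordinary x86 code is usually 5 to 6.5),
    UPX markers and the classified strings."""
    windows = [data[i:i + window] for i in range(0, len(data), window)]
    max_window = max(shannon_entropy(w) for w in windows) if windows else 0.0
    markers = upx_markers(data)
    return {
        "entropy": round(shannon_entropy(data), 2),
        "max_window_entropy": round(max_window, 2),
        "upx_markers": markers,
        "likely_packed": max_window > 7.0 or bool(markers),
        "indicators": classify_strings(extract_strings(data)),
    }


if __name__ == "__main__":
    for key, value in packing_report(SAMPLE).items():
        print(f"{key}: {value}")
```

The junk runs of punctuation the ASCII regex pulls out of the high-entropy blob are exactly the noise real strings output contains; the classifier ignores them because none match an indicator pattern. A high window entropy plus an import list reduced to LoadLibrary/GetProcAddress is the usual packed-binary signature even when the UPX names have been stripped.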