

Showing posts from August, 2019

Basic Dynamic Analysis - PE

As mentioned in my prior post ( Medium / StillzTech ), malware analysis can be grouped into four categories:

- Basic Static
- Basic Dynamic - PE File (what this post will cover)
- Advanced Static
- Advanced Dynamic

As stated in my prior post, we perform basic static analysis first to understand the executable’s “potential” capabilities and structure. Some questions we aim to answer during basic static analysis:

- What libraries does the PE file import, including functions / ordinals? Why? This may indicate the file has the “capability” to log to a text file and read credit card track data from memory, indicating you’re dealing with some point of sale malware.
- What unique strings stand out? Why? Some malware may contain the PDB file (debugger symbols) or original code file path, which can be used to find related malware or identify the malware itself.
- What language was the PE file written in? Why? Depending on the language the executable was written in, you might b