# Malware Analysis Primer

## Goals of Malware Analysis

* Determine exactly what a particular suspect binary can do
* Learn how to detect it on your network
* Learn how to measure and contain its damage
* Develop signatures to detect malware infections
  * **Host-based signatures**
    * Detect malicious code on victim computers
    * Malware indicators focus on what the malware does to a system, not on characteristics of the malware itself
  * **Network signatures**
    * Detect malicious code by monitoring network traffic

## Malware Analysis Techniques

* [**Static Analysis**](https://marco-vazquez.gitbook.io/kb/malware-analysis/static-analysis)
  * Examines the malware without running it
  * **Types**
    * **Basic Static Analysis**
      * Examines the executable file without viewing the actual instructions
      * Does not work against sophisticated malware
    * **Advanced Static Analysis**
      * Reverse-engineering the malware's internals by loading the executable into a disassembler and looking at the program instructions in order to discover what the program does
* **Dynamic Analysis**
  * Running the malware
  * **Types**
    * **Basic Dynamic Analysis**
      * Runs the malware and observes its behavior on the system in order to remove the infection and produce effective signatures
      * You have to set up an environment that lets you study the running malware without risk of damage to the system or network
    * **Advanced Dynamic Analysis**
      * Uses a debugger to examine the internal state of a running malicious executable
      * Extracts detailed information from an executable
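The "Basic Static Analysis" bullets above describe examining the executable file without looking at its instructions. The following script is an added example (not code from the original page or any tool it links to) of what that looks like in practice for a Windows PE file: it computes the hashes an analyst would search for or share, pulls printable ASCII and UTF-16 strings and classifies the URL- and path-looking ones, walks the DOS, COFF and section headers by hand, and applies two cheap packer heuristics (a section that is both writable and executable, and a section whose byte entropy is near 8 bits). The sample image it analyzes is constructed in memory by `build_sample_pe()` and is not a real binary; the flag constants come from the PE specification, everything else (function names, the report layout, the string classifiers) is this example's own.

```python
import hashlib
import math
import re
import struct
from collections import Counter
from datetime import datetime, timezone

IMAGE_SCN_MEM_EXECUTE = 0x20000000   # section characteristics flags (PE spec)
IMAGE_SCN_MEM_WRITE = 0x80000000
IOC_PATTERNS = {  # crude classifiers for "interesting" strings (example's own choice)
    "url": re.compile(r"https?://\S+"),
    "windows_path": re.compile(r'[A-Za-z]:\\[^\s"]+'),
}

def file_hashes(data: bytes) -> dict:
    """Hashes used to look a sample up or share it with other analysts."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}

def shannon_entropy(chunk: bytes) -> float:
    """0.0 for constant data, 8.0 for a uniform byte histogram (packed/encrypted)."""
    if not chunk:
        return 0.0
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())

def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Printable ASCII and UTF-16LE runs, like the `strings` tool."""
    ascii_re = rb"[\x20-\x7e]{%d,}" % min_len
    wide_re = rb"(?:[\x20-\x7e]\x00){%d,}" % min_len
    found = [m.group().decode("ascii") for m in re.finditer(ascii_re, data)]
    found += [m.group().decode("utf-16le") for m in re.finditer(wide_re, data)]
    return found

def parse_pe_header(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, n_sections, timestamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    size_opt = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    sec_table = e_lfanew + 24 + size_opt      # section headers follow the optional header
    sections = []
    for i in range(n_sections):
        off = sec_table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        raw = data[raw_ptr:raw_ptr + raw_size] if raw_ptr + raw_size <= len(data) else b""
        sections.append({
            "name": name, "virtual_address": vaddr, "virtual_size": vsize,
            "raw_size": raw_size, "truncated": len(raw) != raw_size,
            "executable": bool(chars & IMAGE_SCN_MEM_EXECUTE),
            "writable": bool(chars & IMAGE_SCN_MEM_WRITE),
            "entropy": shannon_entropy(raw),
        })
    return {"machine": machine, "sections": sections,
            "compile_time": datetime.fromtimestamp(timestamp, timezone.utc).isoformat()}

def analyze(data: bytes) -> dict:
    """Combine the pieces into the kind of report basic static analysis yields."""
    report = {"hashes": file_hashes(data), "pe": parse_pe_header(data),
              "strings": extract_strings(data), "indicators": [], "findings": []}
    for s in report["strings"]:
        for kind, pat in IOC_PATTERNS.items():
            if pat.search(s):
                report["indicators"].append((kind, s))
    for sec in report["pe"]["sections"]:
        if sec["writable"] and sec["executable"]:
            report["findings"].append(f"section {sec['name']} is writable and executable")
        if sec["entropy"] > 7.0:
            report["findings"].append(f"section {sec['name']} entropy {sec['entropy']:.2f}: packed or encrypted?")
    return report

def build_sample_pe() -> bytes:
    """Constructed toy PE image (not a real binary): a plain .text section and a
    writable+executable, maximum-entropy .data section. No optional header."""
    text_raw = (b"This program cannot be run in DOS mode.\0http://example.invalid/update\0"
                b"C:\\Users\\Public\\svc.exe\0\0" + "CreateRemoteThread".encode("utf-16le") + b"\0\0")
    data_raw = bytes(range(256)) * 2          # uniform histogram -> entropy exactly 8.0
    e_lfanew, size_opt = 64, 0
    raw_base = e_lfanew + 24 + size_opt + 2 * 40   # file offset of the first section's data
    dos = bytearray(e_lfanew); dos[:2] = b"MZ"; struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0x5F000000, 0, 0, size_opt, 0x0102)
    def section(name, vaddr, raw, raw_ptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, len(raw), vaddr, len(raw), raw_ptr, 0, 0, 0, 0, chars)
    secs = (section(b".text", 0x1000, text_raw, raw_base, 0x60000020)                       # CODE|EXEC|READ
            + section(b".data", 0x2000, data_raw, raw_base + len(text_raw), 0xE0000040))  # DATA|EXEC|READ|WRITE
    return bytes(dos) + coff + secs + text_raw + data_raw

if __name__ == "__main__":
    report = analyze(build_sample_pe())
    print(report["hashes"]["sha256"], report["pe"]["compile_time"])
    for item in report["indicators"] + report["findings"]:
        print(item)
```

Run it on a real file by replacing `build_sample_pe()` with `open(path, "rb").read()`. The two heuristics only raise questions, not verdicts: a high-entropy resource section or a legitimately self-modifying runtime will trip them too, which is exactly the "does not work against sophisticated malware" caveat in the bullets above. Note also that a packed sample hides most of its useful strings, so an empty or junk-only string list is itself a finding.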

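The "Basic Dynamic Analysis" bullets describe running the sample and observing what it does to the system, and the "Host-based signatures" bullets say those observations, not the binary's own bytes, are what host indicators are built from. The script below is an added example (not code from the original page) of the simplest form of that workflow: snapshot the file system before and after, diff the snapshots, and turn the created or modified files into host-based indicators. The "sample" is a constructed Python function that drops a file, edits a config and deletes a log inside a temporary directory, standing in for detonating a real binary in an isolated lab; the directory names and file contents are this example's own.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root: Path) -> dict:
    """Map every file under root (POSIX-style relative path) to its SHA-256."""
    snap = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            snap[path.relative_to(root).as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return snap

def diff_snapshots(before: dict, after: dict) -> dict:
    """Classic before/after comparison: what appeared, vanished, or changed."""
    created = sorted(set(after) - set(before))
    deleted = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return {"created": created, "deleted": deleted, "modified": modified}

def host_indicators(diff: dict, after: dict) -> list:
    """Host-based indicators derived from behaviour: dropped/changed paths and their hashes."""
    return [(p, after[p]) for p in diff["created"] + diff["modified"]]

def simulated_sample(root: Path) -> None:
    """Constructed stand-in for running the suspect binary (not a real sample)."""
    (root / "Users" / "Public" / "svc.exe").write_bytes(b"MZ" + b"\0" * 62)   # drops a file
    (root / "ProgramData" / "app.cfg").write_text("autostart=1\n")            # edits a config
    (root / "Windows" / "Temp" / "install.log").unlink()                      # removes a log

def run_observed(action) -> dict:
    """Build a throwaway tree, snapshot, run the action, snapshot again, report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel in ("Users/Public", "ProgramData", "Windows/Temp"):
            (root / rel).mkdir(parents=True)
        (root / "ProgramData" / "app.cfg").write_text("autostart=0\n")
        (root / "Windows" / "Temp" / "install.log").write_text("ok\n")
        (root / "Windows" / "notepad.exe").write_bytes(b"untouched")
        before = snapshot(root)
        action(root)
        after = snapshot(root)
        diff = diff_snapshots(before, after)
        return {"diff": diff, "indicators": host_indicators(diff, after)}

if __name__ == "__main__":
    result = run_observed(simulated_sample)
    for kind, paths in result["diff"].items():
        print(f"{kind:9s}", paths)
    for path, digest in result["indicators"]:
        print("indicator", path, digest)
```

In a real lab the same snapshot/diff step is applied to the registry and to the process list, and the network side of the detonation is captured separately to feed the network signatures. The file diff above is deliberately blind to the binary's own characteristics, which is the point of a host-based indicator: it still fires when the dropper is recompiled or repacked, as long as it drops the same files.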