Hi everyone,
This is just a short thread to cover the difference between Static and Dynamic analysis. I gathered having a Malware Analysis forum introduced would require people to know the difference (for those who want to be involved with the forum) so I decided to post a thread on it.
Static Analysis will allow you to analyze the sample without actually executing it. This involves reverse engineering, unpacking, HEX checking, ...
Reverse Engineering/Disassembling is very useful. A very common tool used by Malware Analysts for disassembling a binary file is IDA Pro; there is a Free version of IDA, you could use this for training. If you cannot afford IDA Pro, then you can use IDA Free. But, IDA Pro is better.
Dissassembling a binary file will allow you to have the machine code to the binary file translated to something more readable... Such as Assembly. For anyone who does not know, Assembly is a programming language.
You can find more information about IDA at this website: https://www.hex-rays.com/products/ida/index.shtml
Dynamic Analysis will allow you to analyze the sample by executing it. When the sample is executing, you can monitor it's behaviour. Such as, what folders it tries to access, if it drops any files and then do analysis on the dropped files, the API calls made, any connections being made (is it trying to connect to a C&C (Comand and Control) server?), ...
I recommend taking a look at Malcode Analysts Pack. It's got a set of tools to get you started. You'll need a lot more as you progress and improve, but it does offer some nice tools. You can download it from the following URL: http://www.woodmann.com/collaborative/tools/index.php/Malcode_Analysis_Pack
Should anyone be confused about Static and Dynamic analysis still, please mention below in the comments and I will try to help you understand it better.
A debugger is also useful to Malware Analysts. (e.g. WinDbg).
I will make a thread about tools you can use for Malware Analysis. I will also attach the public tutorial for the tools, as you will need to read them first before using the tools.
Cheers.
This is just a short thread to cover the difference between Static and Dynamic analysis. I gathered having a Malware Analysis forum introduced would require people to know the difference (for those who want to be involved with the forum) so I decided to post a thread on it.
Static Analysis will allow you to analyze the sample without actually executing it. This involves reverse engineering, unpacking, HEX checking, ...
Reverse Engineering/Disassembling is very useful. A very common tool used by Malware Analysts for disassembling a binary file is IDA Pro; there is a Free version of IDA, you could use this for training. If you cannot afford IDA Pro, then you can use IDA Free. But, IDA Pro is better.
Dissassembling a binary file will allow you to have the machine code to the binary file translated to something more readable... Such as Assembly. For anyone who does not know, Assembly is a programming language.
You can find more information about IDA at this website: https://www.hex-rays.com/products/ida/index.shtml
Dynamic Analysis will allow you to analyze the sample by executing it. When the sample is executing, you can monitor it's behaviour. Such as, what folders it tries to access, if it drops any files and then do analysis on the dropped files, the API calls made, any connections being made (is it trying to connect to a C&C (Comand and Control) server?), ...
I recommend taking a look at Malcode Analysts Pack. It's got a set of tools to get you started. You'll need a lot more as you progress and improve, but it does offer some nice tools. You can download it from the following URL: http://www.woodmann.com/collaborative/tools/index.php/Malcode_Analysis_Pack
Should anyone be confused about Static and Dynamic analysis still, please mention below in the comments and I will try to help you understand it better.
A debugger is also useful to Malware Analysts. (e.g. WinDbg).
I will make a thread about tools you can use for Malware Analysis. I will also attach the public tutorial for the tools, as you will need to read them first before using the tools.
Cheers.
Last edited by a moderator:
