Hello
Well, static analysis consists of analyzing malware without running it: studying the code and the functions to determine its behavior. But it is really very difficult to explain the concepts, especially if you don't know assembly.
Let's say that usually .NET malware (not obfuscated) can be investigated by accessing the code with ILSpy, for example.
As for malware written in C/C++, it is more complex, because it is virtually impossible to get back to the source code starting from the executable.
Here you can use PEiD, which can be useful for investigating strings and file sections, both of which are useful for understanding the malware's behavior.
For example, here are the file sections:
- .text contains the instructions that the CPU will run (the executable code);
- .rdata usually contains the import and export information. It can also hold the read-only data used by the malware;
- .data contains the global data of the executable;
- .rsrc contains the resources used by the executable that are not considered part of the code, such as icons, images, and strings.
Of course the topic is very complex.
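To make the section walk above concrete, here is an added example (not code from the original post, and not part of PEiD or ILSpy): a small pure-Python parser that follows the PE headers to the section table, prints each section's name, addresses and R/W/X permissions, pulls printable strings out of its raw bytes, and flags any section that is both writable and executable, which is a common sign that something is off. The `build_sample()` function constructs a minimal, non-runnable PE32 image in memory purely so the example works offline; the section names, virtual addresses and the `kernel32.dll` / `VirtualAlloc` strings in it are constructed test data, not taken from any real sample.

```python
import re
import struct

# Section Characteristics flags from the PE/COFF specification
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

FILE_ALIGN = 0x200  # file alignment used by the constructed sample


def parse_sections(data):
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size  # section headers follow the optional header
    sections = []
    for i in range(nsections):
        fields = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, chars = fields
        raw = data[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vaddr": vaddr,
            "vsize": vsize,
            "rawptr": rawptr,
            "rawsize": rawsize,
            "perms": ("R" if chars & IMAGE_SCN_MEM_READ else "-")
                   + ("W" if chars & IMAGE_SCN_MEM_WRITE else "-")
                   + ("X" if chars & IMAGE_SCN_MEM_EXECUTE else "-"),
            # printable ASCII runs of 4+ bytes, the same idea as a strings tool
            "strings": [s.decode("ascii") for s in re.findall(rb"[\x20-\x7e]{4,}", raw)],
            # writable and executable at once: worth a second look
            "wx": bool(chars & IMAGE_SCN_MEM_WRITE and chars & IMAGE_SCN_MEM_EXECUTE),
        })
    return sections


def build_sample(wx_text=False):
    """Constructed minimal PE32 image (not a real program) with the three
    sections discussed above. wx_text=True also marks .text writable so the
    W+X check has something to flag."""
    bodies = [
        # push ebp; mov ebp,esp; xor eax,eax; pop ebp; ret
        (b".text", b"\x55\x8b\xec\x33\xc0\x5d\xc3",
         IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE
         | (IMAGE_SCN_MEM_WRITE if wx_text else 0)),
        (b".rdata", b"kernel32.dll\0VirtualAlloc\0",
         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
        (b".data", struct.pack("<II", 0, 0x1337),
         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    ]
    opt_size = 0xE0                       # size of a PE32 optional header
    e_lfanew = 0x40
    table = e_lfanew + 4 + 20 + opt_size  # 0x138
    assert table + 40 * len(bodies) <= FILE_ALIGN  # headers fit before first section
    img = bytearray(FILE_ALIGN * (1 + len(bodies)))
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, e_lfanew)
    img[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    # Machine=i386, NumberOfSections, SizeOfOptionalHeader, EXECUTABLE_IMAGE|32BIT_MACHINE
    struct.pack_into("<HHIIIHH", img, e_lfanew + 4, 0x14C, len(bodies), 0, 0, 0, opt_size, 0x0102)
    struct.pack_into("<H", img, e_lfanew + 24, 0x10B)  # optional header Magic = PE32
    for i, (name, body, chars) in enumerate(bodies):
        rawptr = FILE_ALIGN * (1 + i)
        struct.pack_into("<8sIIIIIIHHI", img, table + 40 * i,
                         name, len(body), 0x1000 * (1 + i), FILE_ALIGN, rawptr,
                         0, 0, 0, 0, chars)
        img[rawptr:rawptr + len(body)] = body
    return bytes(img)


if __name__ == "__main__":
    for s in parse_sections(build_sample()):
        flag = " W+X!" if s["wx"] else ""
        print(f"{s['name']:<8} VA={s['vaddr']:#07x} raw={s['rawptr']:#06x}+{s['rawsize']:#06x} "
              f"{s['perms']}{flag} {s['strings']}")
```

To run it against a real file, replace `build_sample()` with `open(path, "rb").read()`. The parser only reads the headers it needs, so it works on packed or damaged samples as long as the section table is intact; a `.text` section that is writable, or whose raw size is zero while its virtual size is large, is the kind of thing this listing makes visible before you ever open a disassembler.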