Basic Malware Analysis For Incident Response (Static Analysis)

Key features to understand in a malware

Portable Executable (PE file)

Imports

Mutex

Ordinal

Data encoding

Basic Static analysis

Detecting packers

Checking the strings

Checking dynamically linked functions

Analyzing PE header

  1. .text

File header

What information can we get from the file header?

Section header

Optional header


A highly energetic and enthusiastic individual specialized in the field of Information Security. A security researcher, Threat Hunter, freelancer.

Pathum Joseph
