
Static Malware Analysis

Static malware analysis is the process of examining a piece of malware without running or executing it. The sample is analyzed in its dormant state, so there is no need to build a sandbox or emulate a system environment for it to run in.

There are several methods of static malware analysis, including:

  1. Disassembly: This involves translating the compiled machine code of the malware back into human-readable assembly instructions. This can reveal the inner workings and intended function of the malware.

  2. Decompilation: This process involves converting the compiled code back into a high-level programming language, such as C or Python. This can make it easier to understand the code and see what it is intended to do.

  3. String analysis: This involves examining the strings of characters within the malware code, as these can often contain clues about its intended function or the techniques it uses.

  4. File header analysis: This involves examining the metadata of the malware file, such as the file type, size, and creation date, which can provide clues about its origin and purpose.

An example of static malware analysis might be examining a piece of ransomware to determine how it encrypts files and what techniques it uses to evade detection. Another example might be analyzing a trojan horse to determine how it is delivered and what actions it takes once it has been installed on a system.
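As an added example (not code from the CSI Linux Knowledge Base), the following Python script applies methods 3 and 4 above to a constructed PE-shaped byte blob: it pulls out printable strings and parses the DOS and COFF file headers into a small triage report. The sample bytes, the API watchlist and all function names are assumptions made here for illustration.

```python
import re
import struct
from datetime import datetime, timezone

# Constructed sample, NOT real malware: a minimal PE-shaped blob with a DOS header
# ("MZ", e_lfanew at 0x3C), the "PE\0\0" signature, a COFF file header and strings.
_SAMPLE = bytearray(b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40))
_SAMPLE += b"PE\x00\x00"
_SAMPLE += struct.pack("<HHIIIHH",
                       0x8664,      # Machine: x86-64
                       3,           # NumberOfSections
                       1700000000,  # TimeDateStamp (2023-11-14 22:13:20 UTC)
                       0, 0,        # PointerToSymbolTable, NumberOfSymbols
                       240,         # SizeOfOptionalHeader
                       0x0022)      # Characteristics (IMAGE_FILE_DLL bit clear)
_SAMPLE += b"\x00" * 8 + b"CreateRemoteThread\x00kernel32.dll\x00"
_SAMPLE += b"http://c2.example.invalid/beacon\x00ab\x00VirtualAllocEx\x00"
SAMPLE = bytes(_SAMPLE)

MACHINES = {0x14C: "x86", 0x8664: "x86-64", 0xAA64: "ARM64"}
# Hypothetical watchlist: imported names an analyst would flag for closer review.
WATCHLIST = {"CreateRemoteThread", "VirtualAllocEx", "WriteProcessMemory"}

def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Return printable-ASCII runs of at least min_len bytes (like `strings`)."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def parse_pe_header(data: bytes) -> dict:
    """Follow e_lfanew to the COFF file header; raise on anything that is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    machine, nsec, ts, _, _, opt_size, flags = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    return {"machine": MACHINES.get(machine, hex(machine)),
            "sections": nsec,
            "compiled": datetime.fromtimestamp(ts, timezone.utc).isoformat(),
            "is_dll": bool(flags & 0x2000),
            "optional_header_size": opt_size}

def triage(data: bytes) -> dict:
    """Combine header and string analysis into one static triage report."""
    strings = extract_strings(data)
    report = parse_pe_header(data)
    report["urls"] = [s for s in strings if s.startswith(("http://", "https://"))]
    report["suspicious_apis"] = sorted(set(strings) & WATCHLIST)
    return report
```

Header fields such as the compile timestamp and characteristics are written by whoever built the file and can be forged, so treat them as leads to corroborate rather than facts.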


» The CSI Linux Knowledge Base