Basic Static and Dynamic Analysis for x86/x64

In this chapter, we are going to cover the core fundamentals you need in order to analyze 32-bit or 64-bit malware on the Windows platform. We will cover the Windows Portable Executable file header (PE header) and look at how it can help us answer incident handling and threat intelligence questions.
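As an added example (not code from the book), the following Python script walks the header chain the chapter describes: DOS header, PE signature, COFF file header, optional header magic and section table. From those fields alone it answers the first triage questions an incident handler asks: is the sample PE32 or PE32+ (so whether it would run as a WOW64 process on a 64-bit host), what compiler timestamp does it claim, is it a DLL, and does any section claim to be both writable and executable. The input bytes are constructed inline as a header skeleton and are not a real binary; every offset is bounds-checked because malformed or truncated headers are common in malware.

```python
import struct
from datetime import datetime, timezone

# Signatures and flags from the PE/COFF specification.
IMAGE_DOS_SIGNATURE = 0x5A4D            # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550         # "PE\0\0"
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B   # PE32
IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20B   # PE32+
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
MACHINE_NAMES = {IMAGE_FILE_MACHINE_I386: "I386", IMAGE_FILE_MACHINE_AMD64: "AMD64"}


def parse_pe_headers(data: bytes) -> dict:
    """DOS header -> PE signature -> IMAGE_FILE_HEADER -> optional header magic -> sections."""
    if len(data) < 0x40:
        raise ValueError("too short for IMAGE_DOS_HEADER")
    (e_magic,) = struct.unpack_from("<H", data, 0)
    if e_magic != IMAGE_DOS_SIGNATURE:
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data):          # 4-byte signature + 20-byte file header must fit
        raise ValueError("e_lfanew points past end of file")
    (sig,) = struct.unpack_from("<I", data, e_lfanew)
    if sig != IMAGE_NT_SIGNATURE:
        raise ValueError("no PE signature at e_lfanew")

    (machine, n_sections, timestamp, _sym_ptr, _n_syms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)

    opt_off = e_lfanew + 24
    if opt_size < 2 or opt_off + opt_size > len(data):
        raise ValueError("optional header truncated")
    (opt_magic,) = struct.unpack_from("<H", data, opt_off)
    if opt_magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        bitness = 32
    elif opt_magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC:
        bitness = 64
    else:
        raise ValueError(f"unknown optional header magic {opt_magic:#x}")

    sections = []
    for i in range(n_sections):
        off = opt_off + opt_size + i * 40    # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise ValueError(f"section table truncated at entry {i}")
        (name, _vsize, vaddr, raw_size, raw_ptr, _, _, _, _,
         flags) = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({
            "name": name.rstrip(b"\x00").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "raw_size": raw_size,
            "raw_pointer": raw_ptr,
            "characteristics": flags,
            # A W+X section is a common indicator of packed or self-modifying code.
            "writable_and_executable": bool(flags & IMAGE_SCN_MEM_WRITE) and bool(flags & IMAGE_SCN_MEM_EXECUTE),
        })

    return {
        "machine": MACHINE_NAMES.get(machine, f"{machine:#06x}"),
        "bitness": bitness,
        "compiled_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "is_executable_image": bool(characteristics & IMAGE_FILE_EXECUTABLE_IMAGE),
        "sections": sections,
    }


def is_pe(data: bytes) -> bool:
    """True when the header chain parses; False for truncated or non-PE input."""
    try:
        parse_pe_headers(data)
        return True
    except ValueError:
        return False


def _section(name: bytes, vaddr: int, raw_size: int, raw_ptr: int, flags: int) -> bytes:
    return struct.pack("<8sIIIIIIHHI", name, raw_size, vaddr, raw_size, raw_ptr, 0, 0, 0, 0, flags)


def build_sample_pe64() -> bytes:
    """Constructed header skeleton (not a real binary): PE32+, AMD64, two sections."""
    e_lfanew = 0x40
    dos_header = struct.pack("<H", IMAGE_DOS_SIGNATURE) + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp (1600000000 = 2020-09-13 12:26:40 UTC),
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    file_header = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, 2, 1600000000, 0, 0, 240,
                              IMAGE_FILE_EXECUTABLE_IMAGE | 0x0020)
    optional_header = struct.pack("<H", IMAGE_NT_OPTIONAL_HDR64_MAGIC) + b"\x00" * 238  # 240 bytes, PE32+ size
    section_table = (
        _section(b".text", 0x1000, 0x400, 0x400, 0x60000020)    # CODE | EXECUTE | READ
        + _section(b".data", 0x2000, 0x200, 0x800, 0xE0000040)  # INITIALIZED_DATA | EXECUTE | READ | WRITE
    )
    return dos_header + struct.pack("<I", IMAGE_NT_SIGNATURE) + file_header + optional_header + section_table


if __name__ == "__main__":
    import json
    print(json.dumps(parse_pe_headers(build_sample_pe64()), indent=2))
```

Run it against a real sample by replacing `build_sample_pe64()` with the file's bytes. The compile timestamp is attacker-controlled and is only a clue, not evidence; the bitness, on the other hand, is what the loader actually honours, so a PE32 found on a 64-bit host tells you to expect a WOW64 process during dynamic analysis.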

We will also walk through the concepts and basics of static and dynamic analysis, including processes and threads, the process creation flow, and WOW64 processes. At the end, we will cover the debugging process, setting breakpoints, and altering program execution.

This chapter will help you perform basic static and dynamic analysis of malware samples and help you understand ...
