3 Basic Static and Dynamic Analysis for x86/x64

In this chapter, we are going to cover the core fundamentals that you need to know to analyze 32-bit or 64-bit malware in the Windows platform. We will cover the Windows Portable Executable file header (PE header) and look at how it can help us to answer different incident handling and threat intelligence questions.

We will also walk through the concepts and basics of static and dynamic analysis, including processes and threads, the process creation flow, and WOW64 processes. Finally, we will cover process debugging, including setting breakpoints and altering the program’s execution.

This chapter will help you to perform basic static and dynamic analyses of malware samples by explaining the theory ...

Get Mastering Malware Analysis - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Mastering Malware Analysis - Second Edition by Alexey Kleymenov, Amr Thabet

3

Basic Static and Dynamic Analysis for x86/x64

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly