
Analysis Methods

Static Analysis

Static malware analysis is a type of malware analysis that focuses on working out the structure and potential actions of a sample without executing it. Security experts try to determine what the purpose of the file is, how the file is built, what actions it might take on a device if executed, and what it is ultimately trying to accomplish. In static analysis, the whole study is done without letting the malware run on a computer.

Techniques

  1. Disassemble : Converts binary to assembly language for low-level insights
  2. Decompile : Converts executables to high-level code
  3. Analyze file-format : Examines file structures for hidden threats

Some of the common tools used are: IDA Pro, Ghidra

Pros & Cons

Pros :

  • Fast and safe (no execution needed)
  • Useful for detecting indicators of compromise (IOCs)
  • Easily automated for large-scale analysis

Cons :

  • Cannot detect runtime behaviors or dynamically generated code
  • Struggles with obfuscated or encrypted malware
  • Requires expertise and is time-consuming
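As an added example (not from the original page), the following Python script performs the file-format check and IOC string extraction described above in an automatable way: it validates the DOS/PE signatures, reads the COFF header, pulls printable strings and matches URL and IPv4 indicators. It runs on a constructed PE-shaped byte blob with documentation-only values (example.invalid, 192.0.2.10), not on a real executable.

```python
import hashlib
import re
import struct

# Constructed sample (hypothetical, not a real executable): "MZ" DOS header with
# e_lfanew at 0x3C pointing to "PE\0\0", a 20-byte COFF file header, some strings.
def build_sample() -> bytes:
    dos = bytearray(b"MZ" + b"\x00" * 62)
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew -> PE header at 0x40
    # Machine=AMD64, 3 sections, no symbols, no optional header, EXE flags
    coff = struct.pack("<HHIIIHH", 0x8664, 3, 0, 0, 0, 0, 0x0022)
    strings = (b"\x00kernel32.dll\x00http://example.invalid/update.bin"
               b"\x00192.0.2.10\x00")                # documentation-only values
    return bytes(dos) + b"PE\x00\x00" + coff + strings

def parse_pe_header(data: bytes) -> dict:
    """File-format check: validate MZ/PE signatures and read COFF header fields."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature: not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found at e_lfanew")
    machine, nsec, _, _, _, opt_size, flags = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    return {"machine": machine, "sections": nsec, "optional_header_size": opt_size,
            "characteristics": flags, "is_dll": bool(flags & 0x2000)}

PRINTABLE = re.compile(rb"[\x20-\x7e]{6,}")         # ASCII runs of 6+ chars
IOC_PATTERNS = {
    "url": re.compile(r"https?://[^\s\"'<>]+"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}

def extract_strings(data: bytes) -> list:
    """Pull printable ASCII runs, the classic 'strings' step of static triage."""
    return [m.group().decode("ascii") for m in PRINTABLE.finditer(data)]

def find_iocs(strings: list) -> dict:
    """Match candidate network indicators (URLs, IPv4) in the extracted strings."""
    found = {kind: set() for kind in IOC_PATTERNS}
    for s in strings:
        for kind, pat in IOC_PATTERNS.items():
            found[kind].update(pat.findall(s))
    return {kind: sorted(v) for kind, v in found.items()}

def triage(data: bytes) -> dict:
    """One static pass: hash for lookup/dedup, header facts, and IOC candidates."""
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "header": parse_pe_header(data), "iocs": find_iocs(extract_strings(data))}
```

Matched indicators are candidates for an analyst to verify, not confirmed IOCs; packed or encrypted samples will yield few strings, which is exactly the limitation listed under Cons.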

Dynamic Analysis

Dynamic malware analysis involves executing malware in a controlled and secure environment, such as a sandbox, to observe its real-time behavior. Similar to studying a virus in a bio lab, this approach allows security experts to understand the malware’s full range of activities and operational impact. Unlike static analysis, which examines code without execution, dynamic analysis provides insight into the malware’s actual behavior, helping identify and mitigate its real-world effects more effectively.

Observations

  1. Network Activity : Tracks data sent/received by the malware
  2. File System Changes : Monitors file creation, modification, or deletion
  3. Process Manipulation : Observes malware interaction with system processes

Some of the common tools used are: Joe Sandbox, Any.Run

Pros & Cons

Pros :

  • Reveals real-world impact and advanced behaviors
  • Effective for detecting evasion or unknown threats

Cons :

  • Slower and resource-intensive
  • Some malware can evade sandbox detection
  • Requires secure isolation to prevent system compromise

Why combine both approaches?

  • Static Analysis : Provides quick, automated initial detection
  • Dynamic Analysis : Confirms findings and reveals advanced behaviors
  • Holistic Defense : Combining both ensures a thorough understanding of malware, enhancing detection and mitigation strategies

Combining both of the strategies enables security teams to tackle malware more effectively by leveraging the strengths of each approach.



© 2020-2025 Ucchas Muhury