Static analysis is the technique of analyzing the suspect file without executing it. It is an initial analysis method that involves extracting useful information from the suspect binary to make an informed decision on how to classify or analyze it and where to focus your subsequent analysis efforts. This chapter covers various tools and techniques to extract valuable information from the suspect binary.

In this chapter, you will learn the following:

• Identifying the malware's target architecture
• Fingerprinting the malware
• Scanning the suspect binary with anti-virus engines
• Extracting strings, functions, and metadata associated with the file
• Identifying the obfuscation techniques used to thwart analysis
• Classifying and comparing the malware samples

These techniques can reveal different information about the file. It is not required to follow all these techniques, and they need not be followed in the order presented. The choice of techniques to use depends on your goal and the context surrounding the suspect file.