Malware Analysis Techniques covers several topics relating to the static and behavioral analysis of malware in the quest to understand the behavior, abilities, and goals of adversarial software. It provides technical walk-throughs and leverages several different tools to this end.

The book seeks to make you faster and more effective at triage, to help you understand the adversarial software you may come across, and to show how to better defend an enterprise against it.

Who this book is for

Malware Analysis Techniques is for everyone: the material is presented in such a way that it should be easy to pick up even for a beginner analyst. The book is for those who wish to break into malware analysis, those who wish to become more effective at understanding malware, and those who wish to harden and defend their networks against adversarial software by understanding it.

Basic familiarity with virtual machines, general computing knowledge, and the ability to use the command line are all that is required to get started.

What this book covers

Chapter 1, Creating and Maintaining Your Detonation Environment, provides a guide to building your malware analysis lab.

Chapter 2, Static Analysis – Techniques and Tooling, provides an introduction to basic analysis without execution.

Chapter 3, Dynamic Analysis – Techniques and Tooling, provides an introduction to basic behavioral analysis.

Chapter 4, A Word on Automated Sandboxing, covers how to automate basic analysis of malware.

Chapter 5, Advanced Static Analysis – Out of the White Noise, dives into more advanced static analysis utilizing Ghidra and other tooling.

Chapter 6, Advanced Dynamic Analysis – Looking at Explosions, provides a closer look at advanced behavioral analysis techniques.

Chapter 7, Advanced Dynamic Analysis Part 2 – Refusing to Take the Blue Pill, provides a look at how malware may attempt to misdirect analysis efforts.

Chapter 8, De-Obfuscation – Putting the Toothpaste Back in the Tube, covers analysis, de-obfuscation, and the triage of malicious droppers and scripts.

Chapter 9, The Reverse Card – Weaponization of IOCs and OSINT for Defense, covers how intelligence gained during analysis may be leveraged to defend the network.

Chapter 10, Malicious Functionality – Mapping Your Sample's Behavior against MITRE ATT&CK, covers leveraging the ATT&CK framework to communicate malicious capability and write concise, efficacious reports.

Chapter 11, Challenge Solutions, provides solutions to the challenges posed in several of the preceding chapters.

To get the most out of this book

Generally speaking, little prior knowledge is required before beginning with this book, as step-by-step guides are provided to best illustrate the techniques covered. It's assumed that you have used a computer – and, by extension, a Windows OS – and virtual machines to some degree beforehand.

Download the example code files

The code bundle for the book is hosted on GitHub at In case there's an update to the code, it will be updated on the existing GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at Check them out!

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here:

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "We can view the usage of the cmdlet by typing Get-Help Get-FileHash."

Any command-line input or output is written as follows:

6144:JanAo3boaSrTBRc6nWF84LvSkgNSjEtIovH6DgJG3uhRtSUgnSt9BYb C38g/T4J:JaAKoRrTBHWC4LINSjA/EMGU/ShomaI

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "We can take a SHA256 of the binary by right-clicking and utilizing the HashMyFiles menu option."

Tips or important notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at [email protected].

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit, selecting your book, clicking on the Errata Submission Form link, and entering the details.

Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit

Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!

For more information about Packt, please visit
