A file needs to undergo an initial assessment in order for us to determine what tools and analysis methods will be required. This process also helps us to create a strategy for analyzing the file. Doing such an assessment requires carrying out a light static analysis. Here are some ideas for assessment that may serve as our guide:

• Where did it originate from:
  • One of the purposes of reverse engineering is to help network administrators prevent similar malware from infiltrating the network. Knowing where a file came from would be helpful in securing the channel used to transmit it. For example, if the file being analyzed was determined to have been an email attachment, network administrators should secure the email server.
• Existing information:
  • Searching the internet for already existing information can be very helpful. There might be existing analyses that has been done on the file. We would be able to determine what behaviors to expect, which will help hasten the analysis.
• Viewing the file and extracting its text strings:
  • Using tools to view the file help us to determine the type of file. Extracting readable text from the file also gives us hints of what messages, functions, and modules it will use when opened or executed.
• File information:
  • What is the file type?
  • Header and type analysis