100% Free Forever
AI-Powered Learning
Industry Expert Content
Certificates & Badges
Learn At Your Own Pace

Malware Analysis Basics Cheat Sheet

Malware Analysis Basics Cheat Sheet

Introduces static and dynamic malware analysis techniques, common tools, and safe sandboxing practices for examining suspicious files.

2 PagesAdvancedFeb 5, 2026

Analysis Approaches

The two fundamental categories of malware analysis.

  • Static analysis- Examine the file without executing it (strings, headers, hashes, disassembly)
  • Dynamic analysis- Execute the sample in a controlled environment and observe its behavior
  • Basic static- File hashing, string extraction, header inspection, no code execution or reversal
  • Advanced static- Disassembly/decompilation to understand actual code logic
  • Behavioral (dynamic)- Monitor file system, registry, network, and process activity during execution

Basic Static Triage Commands

Quick, safe first steps before deeper analysis.

bash
# Compute hashes to check against threat intel (VirusTotal, etc.)sha256sum suspicious.exemd5sum suspicious.exe# Identify file typefile suspicious.exe# Extract printable strings (look for URLs, IPs, commands)strings -n 8 suspicious.exe | less# Inspect PE headers (imports, sections)objdump -x suspicious.exe# Check for known-bad signatures with YARAyara rules.yar suspicious.exe

Common Malware Analysis Tools

Widely used tools by analysis category.

  • Static/PE inspection- PEStudio, CFF Explorer, Detect It Easy (DiE)
  • Disassembly/decompilation- Ghidra, IDA Pro, Binary Ninja
  • Dynamic/sandbox- Cuckoo Sandbox, Any.Run, ProcMon + Process Explorer
  • Network analysis- Wireshark, INetSim (fake internet services for isolated sandboxes)
  • Signature matching- YARA rules for identifying known malware families

Safe Handling Practices

Precautions required before and during analysis of live malware.

  • Isolated sandbox/VM- Never analyze live malware on a production or internet-connected host
  • Snapshot before execution- Take a VM snapshot so the environment can be reverted after each run
  • Disable/simulate network access- Use a fake internet (INetSim) to observe C2 attempts without real harm
  • Handle as read-only- Keep original sample write-protected; work from copies
  • No shared network shares- Prevent malware from spreading to host or other systems via shared folders
Pro Tip

Always check a sample's hash against VirusTotal and threat intel feeds before spending hours on manual reverse engineering — many samples are already-known commodity malware with published analysis reports.

Was this cheat sheet helpful?

Explore Topics

#MalwareAnalysisBasics#MalwareAnalysisBasicsCheatSheet#Cybersecurity#Advanced#AnalysisApproaches#BasicStaticTriageCommands#CommonMalwareAnalysisTools#SafeHandlingPractices#CheatSheet#SkillVeris
Advertisement
Sri Hayavadhana Info-Tech

Professional Web Designing Services

  • Responsive Websites
  • E-commerce Solutions
  • SEO Friendly Design
  • Fast & Secure
  • Support & Maintenance
Get a Free Quote

Share this Cheat Sheet