{"id":5027,"date":"2019-08-13T18:42:15","date_gmt":"2019-08-13T17:42:15","guid":{"rendered":"https:\/\/www.n-able.com\/?p=5027"},"modified":"2021-03-31T18:53:21","modified_gmt":"2021-03-31T17:53:21","slug":"malware-analysis-steps","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/de\/blog\/malware-analysis-steps","title":{"rendered":"Malware Analysis Overview"},"content":{"rendered":"<p>Malware, short for \u201cmalicious software,\u201d is an umbrella term for dangerous programs that cybercriminals use to target their victims. <a href=\"https:\/\/www.n-able.com\/blog\/how-keep-top-malware-threat\">Malware<\/a> comes in many different varieties, including viruses, worms, Trojan horses, adware, spyware, backdoors, and rootkits.<\/p>\n<p>As a managed services provider (MSP), you may already have adequate security measures to protect your customers\u2019 systems against these threats. But if an attack does strike, it\u2019s essential to know what specific type of malware you\u2019re dealing with. This is the job of malware analysis tools. This article will provide an introduction to malware analysis and how it can be used to prepare for and\u00a0<a href=\"https:\/\/www.n-able.com\/blog\/cybersecurity-best-practices-MSP-guide\" target=\"_blank\" rel=\"noopener\">respond to cybersecurity threats<\/a>.<\/p>\n<h3><b>What is malware analysis?<\/b><\/h3>\n<p>Imagine the worst has come to pass: you\u2019ve been struck with a malware attack. Your system has slowed to a crawl and users can\u2019t get any work done. It\u2019s clear you\u2019ve been targeted by a hacker, but the exact nature of the malware infecting your system is not obvious. In order to repair the damage, you\u2019ll need to turn to malware analysis tools and techniques.<\/p>\n<p>Malware analysis is the process of determining the purpose and functionality of a piece of malware. 
This process will reveal what type of harmful program has infected your network, the damage it\u2019s capable of causing, and\u2014most importantly\u2014<a href=\"https:\/\/www.n-able.com\/blog\/how-to-remove-malware\" target=\"_blank\" rel=\"noopener\">how to remove it<\/a>. Malware analysis used to be performed manually by experts in a time-consuming and cumbersome process. Today, there are a number of open-source malware analysis tools that can perform this process automatically.<\/p>\n<p>The first step in malware analysis is to identify the suspicious file(s). The file should then be run through malware analysis software to figure out how it works. While malware analysis is crucial for recovering from cyberattacks, it can also be used preemptively. By safely examining emerging malware programs, security experts determine how best to protect against them.<\/p>\n<p>Now let\u2019s explore the two main types of malware analysis: static and dynamic.<\/p>\n<h3><b>What is static malware analysis?<\/b><\/h3>\n<p>Static analysis examines a malware file without actually running the program. This is the safest way to analyze malware, as executing the code could infect your system. In its most basic form, static analysis gleans information from malware without even viewing the code. Metadata such as file name, type, and size can yield clues about the nature of the malware. MD5 checksums or hashes can be compared with a database to determine if the malware has been previously recognized. And scanning with antivirus software can reveal what malware you\u2019re dealing with.<\/p>\n<p>Advanced static analysis\u2014also known as code analysis\u2014dissects the binary file to study each component, still without executing it. One method is to reverse engineer the code using a disassembler. Machine code is translated into assembly code, which is readable and understandable. By looking at the assembly instructions, an analyst can tell what the program is meant to do. 
A file\u2019s headers, functions, and strings can provide important details. Unfortunately, modern hackers are adept at evading this technique. By embedding certain syntax errors into their code, they can misdirect disassemblers and ensure the malicious code still runs. Because static malware analysis can be more easily foiled, dynamic malware analysis is also necessary.<\/p>\n<h3><b>What is dynamic malware analysis?<\/b><\/h3>\n<p>Dynamic analysis\u2014also called malware behavior analysis\u2014runs the malware program to examine its behavior. Of course, running a piece of malware always carries some risk, so dynamic analysis must be performed in a safe environment. A \u201csandbox\u201d environment is a virtual system that is isolated from the rest of the network and can run malware without risk to production systems. After the analysis is done, the sandbox can be rolled back to its original state without permanent damage.<\/p>\n<p>When a piece of malware is run, technical indicators appear and provide a detection signature that dynamic analysis can identify. Dynamic analysis software monitors the sandbox system to see how the malware modifies it. Modifications may include new registry keys, IP addresses, domain names, and file path locations. Dynamic analysis will also reveal whether the malware is communicating with a hacker\u2019s external server. Debugging is another useful dynamic analysis technique. As the malware is running, a debugger can zero in on each step of the program\u2019s behavior while the instructions are being processed.<\/p>\n<p>As with static analysis, cybercriminals have developed techniques to foil dynamic analysis. Malware may refuse to run if it detects a virtual environment or debugger. The program may delay the execution of its harmful payload or require certain user input. 
To reach the best understanding of a particular malware threat, a combination of static and dynamic analysis is most effective.<\/p>\n<p><b>Interested in learning more about malware analysis?\u00a0<a href=\"https:\/\/www.solarwindsmsp.com\/products\" target=\"_blank\" rel=\"noopener\">Explore our product suite<\/a>\u00a0to see how you can monitor and prepare for potential threats.<\/b><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Read about malware analysis tools and steps you can take to help ensure you&#8217;re prepared for unwanted threats to your business and users.<\/p>\n","protected":false},"author":24,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-5027","post","type-post","status-publish","format-standard","hentry","topic-security"],"acf":[],"yoast_head_json":{"title":"Malware Analysis Steps and Techniques - N-able","description":"Read about malware analysis tools and steps you can take to help ensure you're prepared for unwanted threats to your business and users.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.n-able.com\/de\/blog\/malware-analysis-steps","og_locale":"de_DE","og_type":"article","og_title":"Malware Analysis Steps and Techniques - N-able","og_description":"Read about malware analysis tools and steps you can take to help ensure you're prepared for unwanted threats to your business and users.","og_url":"https:\/\/www.n-able.com\/de\/blog\/malware-analysis-steps","og_site_name":"N-able","article_publisher":"https:\/\/www.facebook.com\/NableMSP","article_published_time":"2019-08-13T17:42:15+00:00","article_modified_time":"2021-03-31T17:53:21+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/03\/share-image.jpg","type":"image\/jpeg"}],"author":"N-able","twitter_card":"summary_large_image","twitter_creator":"@Nable","twitter_site":"@Nable","twitter_misc":{"Verfasst von":"N-able","Gesch\u00e4tzte Lesezeit":"4\u00a0Minuten"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.n-able.com\/de\/blog\/malware-analysis-steps#article","isPartOf":{"@id":"https:\/\/www.n-able.com\/de\/blog\/malware-analysis-steps"},"author":{"name":"N-able","@id":"https:\/\/www.n-able.com\/de#\/schema\/person\/f46a000e389b6d02bd4b3866e7828a7b"},"headline":"Malware Analysis 
Overview","datePublished":"2019-08-13T18:42:15+01:00","dateModified":"2021-03-31T17:53:21+00:00","mainEntityOfPage":{"@id":"https:\/\/www.n-able.com\/de\/blog\/malware-analysis-steps"},"wordCount":809,"publisher":{"@id":"https:\/\/www.n-able.com\/de#organization"},"articleSection":["Security"],"inLanguage":"de"},{"@type":"WebPage","@id":"https:\/\/www.n-able.com\/de\/blog\/malware-analysis-steps","url":"https:\/\/www.n-able.com\/de\/blog\/malware-analysis-steps","name":"Malware Analysis Steps and Techniques - N-able","isPartOf":{"@id":"https:\/\/www.n-able.com\/de#website"},"datePublished":"2019-08-13T18:42:15+01:00","dateModified":"2021-03-31T17:53:21+00:00","description":"Read about malware analysis tools and steps you can take to help ensure you're prepared for unwanted threats to your business and users.","breadcrumb":{"@id":"https:\/\/www.n-able.com\/de\/blog\/malware-analysis-steps#breadcrumb"},"inLanguage":"de","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.n-able.com\/de\/blog\/malware-analysis-steps"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.n-able.com\/de\/blog\/malware-analysis-steps#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Security","item":"https:\/\/www.n-able.com\/de\/blog\/category\/security"},{"@type":"ListItem","position":2,"name":"Malware Analysis 
Overview"}]},{"@type":"WebSite","@id":"https:\/\/www.n-able.com\/de#website","url":"https:\/\/www.n-able.com\/de","name":"N-able","description":"","publisher":{"@id":"https:\/\/www.n-able.com\/de#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.n-able.com\/de?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"de"},{"@type":"Organization","@id":"https:\/\/www.n-able.com\/de#organization","name":"N-able","url":"https:\/\/www.n-able.com\/de","logo":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/","url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","contentUrl":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","width":"1024","height":"1024","caption":"N-able"},"image":{"@id":"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/NableMSP","https:\/\/x.com\/Nable","https:\/\/www.linkedin.com\/company\/n-able","https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw"]},{"@type":"Person","@id":"https:\/\/www.n-able.com\/de#\/schema\/person\/f46a000e389b6d02bd4b3866e7828a7b","name":"N-able","image":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g","caption":"N-able"}}]}},"_links":{"self":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/posts\/5027","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/posts"}
],"about":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/comments?post=5027"}],"version-history":[{"count":0,"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/posts\/5027\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/media?parent=5027"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}