Malware Analysis – Analyzing The PE Header

Analyzing The PE Header

  • The PE header contains the information the OS requires to load and run the executable.
  • In static analysis, we look for information about the executable that gives us a glimpse of its functionality and origin without running it.


What information are we interested in?

  1. Compiler Stamp – When (and, together with other artifacts, where) the malware was compiled.
  2. Subsystem – Which subsystem does the executable target (GUI, console, native)?
  3. Sections – Is the executable packed, and are there any inconsistent section permissions (for example, a section that is both writable and executable)?
  4. Libraries & Imports – Which libraries and imports are used, and what do they tell us about the functionality of the malware?
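As an added example that is not part of the original post, the following pure-Python walk of the PE header pulls out the first three items above (compile timestamp, subsystem, section table) and applies two triage rules to the sections: writable-and-executable permissions, and a section that is empty on disk but large in memory, the usual layout of a packer stub. The sample bytes are constructed inline (a UPX-style two-section image, not a real file), and the import table is left out to keep the example short.

```python
import struct
from datetime import datetime, timezone

IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x80000000  # winnt.h Characteristics bits
SUBSYSTEMS = {1: "NATIVE", 2: "WINDOWS_GUI", 3: "WINDOWS_CUI"}

def parse_pe(data):
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]           # 0x10B = PE32, 0x20B = PE32+
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]  # Subsystem sits at +68 in both
    sections = []
    for i in range(nsec):
        name, vsize, _, rawsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)   # each section header is 40 bytes
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize, "characteristics": chars})
    return {"machine": machine, "pe32plus": magic == 0x20B,
            "compiled": datetime.fromtimestamp(stamp, timezone.utc).isoformat(),
            "subsystem": SUBSYSTEMS.get(subsystem, f"UNKNOWN({subsystem})"),
            "sections": sections}

def findings(report):
    """Triage rules for the section checks: inconsistent permissions and packer-like layout."""
    out = []
    wx = IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
    for s in report["sections"]:
        if s["characteristics"] & wx == wx:
            out.append(f"{s['name']}: writable and executable")
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            out.append(f"{s['name']}: empty on disk, {s['virtual_size']:#x} bytes in memory (unpacking target)")
    return out

def build_sample_pe():
    """Constructed sample (not a real file): PE32 GUI image with a UPX-style two-section layout."""
    pe = bytearray(b"MZ" + bytes(58) + struct.pack("<I", 0x40))               # DOS header, e_lfanew = 0x40
    pe += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 1700000000, 0, 0, 0xE0, 0x0102)  # i386, 2 sections
    pe += struct.pack("<H", 0x10B) + bytes(66) + struct.pack("<H", 2) + bytes(0xE0 - 70)  # PE32 magic, Subsystem=GUI
    pe += struct.pack("<8sIIIIIIHHI", b"UPX0", 0x20000, 0x1000, 0, 0x400, 0, 0, 0, 0, 0xE0000080)   # RWX, no raw data
    pe += struct.pack("<8sIIIIIIHHI", b"UPX1", 0x9000, 0x21000, 0x8800, 0x400, 0, 0, 0, 0, 0xE0000040)  # RWX, stub + payload
    return bytes(pe)
```

Run `findings(parse_pe(open(path, "rb").read()))` on a real file to apply the same rules; pestudio reports the same fields with far more context, so this is only meant to show where in the header they come from.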

Tools We Will Be Using

  • Pestudio – The most efficient tool for static analysis.