Skip to main content
SolarWinds MSP
  • Login
  • Support
  • Partnerships
    • Partnerships Overview
    • Solution Provider Program
    • Technology Alliance Program
    • Distributor Program
SolarWinds MSP
  • Products
    • Monitoring & Management
    • N-central Automate. Tackle complex networks. Get remote monitoring and management built for efficiency and scale.
    • RMM Start fast. Grow at your own pace. Try this powerful but easy remote monitoring and management solution.
    • Backup
    • Backup Get data protection for servers, workstations, applications, documents, and Microsoft 365 from one dashboard.
    • Security
    • EDR Defend against ransomware, zero-day attacks, and evolving threats with endpoint detection and response.
    • Mail Assure Leverage mail protection and archiving to keep your users safe from email threats and downtime.
    • Passportal Adopt and enforce best practices for password and documentation management with ease.
    • Tools & Services
    • MSP Manager Increase helpdesk efficiency with a robust PSA, ticketing, reporting, and billing management solution.
    • Take Control Help support customers and their devices with remote support tools designed to be fast and powerful.
    • View All
  • Solutions

    Solutions

    • Security Protect your customers and expand your business by offering layered security services without the complexity.
    • Monitoring Choose the right remote monitoring and management solution to meet you where you are and grow with you.
    • Operational Efficiency Boost profits by improving efficiency via automation, resources and training, and time-saving products.
    • IT Departments Keep your organization productive by easily managing IT from a single, easy-to-use, web-based dashboard.
    • Remote Monitoring Solutions Comparison Compare SolarWinds RMM and N-central side by side. Sign up to talk to a specialist to find the right fit.
    • View All
  • Resources
    • Download
    • Resource Library
    • Product Information
    • Free Tools
    • Learn
    • MSP Institute Webinar Series
    • Daily Live Demos
    • MSP Advice Project
    • Ask the N-central Experts
    • Upcoming Webcasts
    • Connect
    • Blog
    • Security Resource Center
    • Events
    • RMM Foundations Training
  • About
    • Company
    • About Us
    • Leadership
    • Careers
    • News & Press
    • Awards & Recognition
    • Support & Policies
    • Customer Success
    • Customer Support
    • Legal
    • Security
    • Get in Touch
    • Contact
    • Get a Quote
    • Worldwide Sales & Support
  • IT Departments
  • Contact Sales
    • Contact Sales
    • General Inquiry
    • Get a Quote
    • Worldwide Sales & Support
    • Talk to Specialist
    • Security Solutions
    • Monitoring Solutions
    • Operational Efficiency
  • Try Now
    • Monitoring & Management
    • N-central
    • RMM
    • Backup
    • Security
    • EDR
    • Mail Assure
    • Passportal
    • Tools & Services
    • MSP Manager
    • Take Control
  • Request a Quote
  • Try Now
    • SolarWinds RMM
    • SolarWinds N-central
    • SolarWinds Backup
    • MSP Manager
    • SolarWinds Mail Assure
    • SolarWinds Passportal
    • SolarWinds Risk Intelligence
    • SolarWinds Take Control
Request quote
Filter Blogs
  • Filter by:
  • MSP Business
    • Automation
    • Backup & Disaster Recovery
    • Security-series
    • Best Practices
    • Business
    • Business Growth
    • Business Risk
    • Cloud Computing
    • Customer Service
    • Cybersecurity
    • Cybersecurity Awareness Month
    • Data
    • GDPR
    • Internet of Things
    • IT Support
    • ITSM
    • LOGICcards
    • Machine Learning
    • Mail
    • Managed Services
    • Marketing
    • Mobile
    • Networking
    • Operations
    • Podcast
    • Product
    • PSA
    • Remote Management
    • Research & Trends
    • Risk Intelligence
    • Security
    • Security Vlog
    • Service Desk
    • Services & Support
    • The Head Nerds
    • Tips & Advice
    • Training
Home Blog MSP Business Security Malware Analysis Overview
Security

Malware Analysis Overview

By SolarWinds MSP
13 August, 2019

Malware, short for “malicious software,” is an umbrella term for dangerous programs that cybercriminals use to target their victims. Malware [https://www.solarwindsmsp.com/blog/how-keep-top-malware-threat] comes in many different varieties, including viruses, worms, Trojan horses, adware, spyware, backdoors, and rootkits. 

As a managed services provider (MSP), you may already have adequate security measures to protect your customers’ systems against these threats. But if an attack does strike, it’s essential to know what specific type of malware you’re dealing with. This is the job of malware analysis tools. This article will provide an introduction to malware analysis and how it can be used to prepare for and respond to cybersecurity threats. 

What is malware analysis?

Imagine the worst has come to pass: you’ve been struck with a malware attack. Your system has slowed to a crawl and users can’t get any work done. It’s clear you’ve been targeted by a hacker, but the exact nature of the malware infecting your system is not obvious. In order to repair the damage, you’ll need to turn to malware analysis tools and techniques. 

Malware analysis is the process of determining the purpose and functionality of a piece of malware. This process will reveal what type of harmful program has infected your network, the damage it’s capable of causing, and—most importantly—how to remove it. Malware analysis used to be performed manually by experts in a time-consuming and cumbersome process. Today, there are a number of open-source malware analysis tools that can perform this process automatically. 

The first step in malware analysis is to identify the suspicious file(s). The file should then be run through malware analysis software to figure out how it works. While malware analysis is crucial for recovering from cyberattacks, it can also be used preemptively. By safely examining emerging malware programs, security experts determine how best to protect against them. 

Now let’s explore the two main types of malware analysis: static and dynamic. 

CTA Image

SolarWinds Remote Monitoring and Management

Get the tools you need to manage, secure, and improve all things IT—all within a single web-based dashboard.

Try It Free Learn More

What is static malware analysis?

Static analysis examines a malware file without actually running the program. This is the safest way to analyze malware, as executing the code could infect your system. In its most basic form, static analysis gleans information from malware without even viewing the code. Metadata such as file name, type, and size can yield clues about the nature of the malware. MD5 checksums or hashes can be compared with a database to determine if the malware has been previously recognized. And scanning with antivirus software can reveal what malware you’re dealing with. 

Advanced static analysis—also known as code analysis—dissects the binary file to study each component, still without executing it. One method is to reverse engineer the code using a disassembler. Machine code is translated into assembly code, which is readable and understandable. By looking at the assembly instructions, an analyst can tell what the program is meant to do. A file’s headers, functions, and strings can provide important details. Unfortunately, modern hackers are adept at evading this technique. By embedding certain syntax errors into their code, they can misdirect disassemblers and ensure the malicious code still runs. Because static malware analysis can be more easily foiled, dynamic malware analysis is also necessary. 

What is dynamic malware analysis?

Dynamic analysis—also called malware behavior analysis—runs the malware program to examine its behavior. Of course, running a piece of malware always carries some risk, so dynamic analysis must be performed in a safe environment. A “sandbox” environment is a virtual system that is isolated from the rest of the network and can run malware without risk to production systems. After the analysis is done, the sandbox can be rolled back to its original state without permanent damage. 

When a piece of malware is run, technical indicators appear and provide a detection signature that dynamic analysis can identify. Dynamic analysis software monitors the sandbox system to see how the malware modifies it. Modifications may include new registry keys, IP addresses, domain names, and file path locations. Dynamic analysis will also reveal whether the malware is communicating with a hacker’s external server. Debugging is another useful dynamic analysis technique. As the malware is running, a debugger can zero in on each step of the program’s behavior while the instructions are being processed. 

As with static analysis, cybercriminals have developed techniques to foil dynamic analysis. Malware may refuse to run if it detects a virtual environment or debugger. The program may delay the execution of its harmful payload or require certain user input. To reach the best understanding of a particular malware threat, a combination of static and dynamic analysis is most effective. 

Interested in learning more about malware analysis? Explore our product suite to see how you can monitor and prepare for potential threats.

 

Additional Reading

Evasive Malware: The Enemy You Can’t See
6 Most Effective Tactics to Protect Your Business from Malware in 2020
How to Remove Malware on your PC/Windows
You might also like...
Security

February 2021 Patch Tuesday: Many “Exploitation More Likely” and an update to a Netlogon fix from last year

Security

What Do Auto Racing and EDR Have in Common?

Automation

What the Head Nerds Were Up to in 2020

Security

January 2021 Patch Tuesday: One Actively Exploited Vulnerability and a Few Likely to Be

Security

December 2020 Patch Tuesday—A quiet(er) finish to a busy year in vulnerabilities

Security

Documentation Management API and Why It’s Important for the MSP Business

Want to stay up to date?

Get the latest MSP tips, tricks, and ideas sent to your inbox each week.

Loading form....

If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a subscription.

Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site

Recent Posts
  • Three things I learned working for an MSP
  • Earning word-of-mouth referrals for your IT business
  • Backup automation part 1: Deploying backup devices
  • Ultimate Guide: MySQL Backup
  • Most common automation requests and how to solve them: Ep 2
Categories:
  • Security (240)
  • Tips & Advice (130)
  • Best Practices (97)
  • Backup & Disaster Recovery (96)
  • Managed Services (89)
  • The Head Nerds (82)
  • Business Growth (79)
  • IT Support (43)
  • Business (41)
  • Automation (40)
  • Operations (38)
  • Cybersecurity (37)
  • Mail (33)
  • Remote Management (30)
  • ITSM (26)
  • Networking (22)
  • Data (21)
  • Cloud Computing (21)
  • Marketing (15)
  • PSA (13)
  • Product (11)
  • Service Desk (6)
  • Services & Support (5)
  • Mobile (4)
  • Risk Intelligence (4)
  • GDPR (3)
  • Internet of Things (3)
  • Customer Service (3)
  • Research & Trends (2)
  • Training (2)
  • LOGICcards (1)
  • Cybersecurity Awareness Month (1)
  • Business Risk (1)
Show moreless
SolarWinds MSP

Products
  • SolarWinds RMM
  • SolarWinds N-central
  • SolarWinds Backup
  • SolarWinds EDR
  • SolarWinds MSP Manager
  • SolarWinds Mail Assure
  • SolarWinds Risk Intelligence
  • SolarWinds Take Control
  • SolarWinds Passportal
  • All Products Use Cases
Solutions
  • Security Solutions
  • Monitoring Solutions
  • Efficiency Solutions
  • Identify which RMM solution is right for me
  • Drive Efficiency with Automation
  • Manage my MSP Business More Efficiently
  • Manage my IT Department More Efficiently
  • Layered Security
  • Cross-Platform Support
  • Data-Driven Insights
About
  • About Us
  • Careers
  • Newsroom
  • Leadership Team
  • Upcoming Events
  • Subscription Preferences
  • SolarWinds
  • SolarWinds Trust Center
  • COVID-19 Response
Support
  • SolarWinds RMM
  • Solarwinds N-central
  • SolarWinds Backup
  • SolarWinds Mail Assure
  • SolarWinds Take Control
  • SolarWinds MSP Manager
  • Solarwinds Risk Intelligence
  • Solarwinds Threat Monitor
  • SolarWinds Passportal
  • SolarWinds Take Control Downloads
  • Backup & Recovery Downloads
  • Service Status

Footer 2

  • Legal Documents
  • Privacy
  • California Privacy Rights
  • Security Information
  • Sitemap

© SolarWinds MSP Canada ULC and SolarWinds MSP UK Ltd.
All Rights Reserved.