
Research Article
From Fundamentals to Forensics: Exploring the Spectrum of Malware Analysis
@INPROCEEDINGS{10.4108/eai.28-4-2025.2357850,
  author={Venkata Pranay Kumar Yerikala},
  title={From Fundamentals to Forensics: Exploring the Spectrum of Malware Analysis},
  proceedings={Proceedings of the 4th International Conference on Information Technology, Civil Innovation, Science, and Management, ICITSM 2025, 28-29 April 2025, Tiruchengode, Tamil Nadu, India, Part I},
  publisher={EAI},
  proceedings_a={ICITSM PART I},
  year={2025},
  month={10},
  keywords={malware analysis, basic static analysis, basic dynamic analysis, advanced static analysis, disassembly, decompilation, advanced dynamic analysis, debugging, pe file analysis, string analysis, wireshark, procmon, cutter},
  doi={10.4108/eai.28-4-2025.2357850}
}
Author: Venkata Pranay Kumar Yerikala
Year: 2025
Proceedings: ICITSM PART I
Publisher: EAI
DOI: 10.4108/eai.28-4-2025.2357850
Abstract
This paper brings together fundamental and advanced malware analysis techniques to equip malware analysts with the skills needed for better investigations and insights [1]. The ever-increasing challenges posed by malware on computer networks require computer security specialists to possess a deep knowledge of a malware sample's internal details and of its behavior during execution. The paper outlines malware analysis techniques from basic approaches through advanced ones. Basic analysis covers both static and dynamic techniques. Static analysis examines malware without executing it, through operations such as sample hashing, string analysis, and Portable Executable (PE) file header examination; in dynamic analysis the executable is run in a safe environment with INetSim running in the background, and its behavior is observed with tools such as Procmon, Wireshark, and TCPView. The paper also discusses advanced static analysis, consisting of disassembly and decompilation, which exposes the malware's hidden code and reveals how it operates and the logic it uses. Using Cutter for API-flow analysis and program-flow visualization helps reveal much more about the malware.