Posts tagged 'assembly'

Preventing executable analysis - Part 1, Static Analysis

In this series of posts, I’m going to discuss executable analysis, the methods that are used and mechanisms to prevent them. There are three types of analysis that can be performed on executables:

Static - Analysis of the sample file on disk.
Emulated - Branch and stack analysis of the sample through an emulator.
Live - Analysis of the executing sample on a VM, usually using hooks.

I’m going to look at each type in detail, giving examples of techniques used in each and ways to make analysis...