Importance of Malware Analysis

What is Malware Analysis?

Malware Analysis is the practice of determining and analyzing suspicious files on endpoints and within networks using dynamic analysis, static analysis, or full reverse engineering.

What are the benefits of Malware Analysis?

A strong Malware Analysis practice aids in the analysis, detection, and mitigation of potential threats. Malware Analysis can help organizations identify malicious objects used in advanced, targeted, and zero-day attacks.

Why is Malware Analysis Important?

Malware Analysis is important because it helps security operations teams rapidly detect and prevent malicious objects from gaining persistence and causing destruction within the organization.

Types of Malware Analysis

There are three main types of Malware Analysis:

1. Static Analysis examines the files for signs of malicious intent without executing the program. This form can also call for manual review by an IT professional after the initial examination to conduct further analysis as to how the malware interacts with the system. Static document analysis looks for abnormalities in the file itself, not in how it executes.

It seeks to answer questions such as the following:

  • Are there structural anomalies such as embedded shellcode, abnormal macros, or other executable programs that would not normally be present in a document of this type?
  • Does the document have any missing or added segments?
  • Are there any embedded files?
  • Are there any encryption, fingerprinting, or other suspicious capabilities?
  • Is there anything about the document that just looks odd?

2. Dynamic Analysis relies on a closed system (known as a sandbox) to launch the malicious program in a secure environment and simply watch what it does. The inspection environment simulates an entire host (including the CPU, system memory, and all devices) to continuously observe all the actions malicious objects can take. This automated system enables professionals to watch the malware in action without letting it infect their systems. Because dynamic analysis interacts with the malware to elicit every malicious behavior, it supports automation and fast, accurate findings, and can help identify and analyze hidden activity within an organization's infrastructure.
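What "watching what it does" produces in practice is a trace of host actions, and the value of the sandbox comes from turning that trace into findings. The script below is an added example, not part of the original article and not any sandbox product's code: it reads a constructed JSON-lines event trace (the schema, file paths, process names and the 203.0.113.45 documentation address are all made up for the example) and groups the events into the behaviors a security operations team cares about, in particular the persistence attempts mentioned earlier on this page (a Run registry key or a Startup-folder drop), dropped executables, a shell spawned from a non-shell parent, and outbound connections.

```python
import json
import re
from collections import defaultdict

# Constructed sandbox event trace (JSON lines). The schema is hypothetical.
SANDBOX_LOG = r"""
{"ts": 0.05, "op": "process_create", "pid": 4120, "image": "C:\\Users\\lab\\invoice.exe", "parent": "C:\\Windows\\explorer.exe"}
{"ts": 0.31, "op": "file_write", "pid": 4120, "path": "C:\\Users\\lab\\AppData\\Roaming\\updater.exe"}
{"ts": 0.40, "op": "reg_set", "pid": 4120, "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater", "value": "C:\\Users\\lab\\AppData\\Roaming\\updater.exe"}
{"ts": 0.52, "op": "process_create", "pid": 4188, "image": "C:\\Windows\\System32\\cmd.exe", "parent": "C:\\Users\\lab\\invoice.exe"}
{"ts": 0.77, "op": "connect", "pid": 4120, "dst": "203.0.113.45", "port": 443}
{"ts": 0.90, "op": "file_write", "pid": 4120, "path": "C:\\Users\\lab\\Documents\\notes.txt"}
{"ts": 1.20, "op": "process_create", "pid": 4200, "image": "C:\\Windows\\System32\\notepad.exe", "parent": "C:\\Windows\\explorer.exe"}
"""

# Detection rules (assumed for this example; a real sandbox ships many more).
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
USER_PROFILE = re.compile(r"^C:\\Users\\", re.IGNORECASE)
SHELL_IMAGES = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
EXEC_EXTS = (".exe", ".dll", ".scr")
BAD_CATEGORIES = {"persistence", "dropped_executable", "suspicious_child"}


def basename(path: str) -> str:
    """Last component of a Windows path, lower-cased for comparisons."""
    return path.rsplit("\\", 1)[-1].lower()


def analyze(log_text: str) -> dict:
    """Group sandbox events into behavior categories and return them with a verdict."""
    findings = defaultdict(list)
    for line in log_text.strip().splitlines():
        ev = json.loads(line)
        op = ev["op"]
        if op == "reg_set" and RUN_KEY.search(ev["key"]):
            # Autostart registry entry: the classic way to survive a reboot.
            findings["persistence"].append(f"Run key {ev['key']} -> {ev['value']}")
        elif op == "file_write":
            path = ev["path"]
            if STARTUP_DIR.search(path):
                findings["persistence"].append(f"startup folder drop {path}")
            elif USER_PROFILE.match(path) and basename(path).endswith(EXEC_EXTS):
                # A new executable written under the user profile, usually a payload copy.
                findings["dropped_executable"].append(path)
        elif op == "process_create":
            child, parent = basename(ev["image"]), basename(ev["parent"])
            if child in SHELL_IMAGES and parent != "explorer.exe":
                # A shell started by something other than the user's desktop shell.
                findings["suspicious_child"].append(f"{parent} -> {child}")
        elif op == "connect":
            findings["network"].append(f"{ev['dst']}:{ev['port']}")
    result = dict(findings)
    result["verdict"] = "suspicious" if BAD_CATEGORIES & result.keys() else "no behavioral flags"
    return result


if __name__ == "__main__":
    for category, items in analyze(SANDBOX_LOG).items():
        print(category, items)
```

On the constructed trace the sample drops updater.exe into the user's roaming profile, registers it under the Run key, spawns cmd.exe and connects out, so the verdict is "suspicious"; the notepad launch from explorer.exe and the plain text file write are left alone, which is the kind of baseline noise a real sandbox has to suppress.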

3. Reverse Engineering malware involves disassembling (and sometimes decompiling) a software program. Through this process, binary instructions are converted to code mnemonics (or higher-level constructs) so that engineers can look at what the program does and what systems it impacts. Only by knowing its details are engineers then able to create solutions that can mitigate the program’s intended malicious effects. A reverse engineer (aka “reverser”) will use a range of tools to find out how a program is propagating through a system and what it is engineered to do. In doing so, the reverser learns which vulnerabilities the program was intending to exploit.