Course Repository for University of Cincinnati Malware Analysis Class (CS7038)


Static Analysis Introduction

This lecture introduces some basic utilities for performing static analysis on a malware sample.

We begin by discussing file structures, and proceed to discuss the structure characteristics for the following open-source-defined file formats:

Furthermore, we go on to describe some models that we will use to describe data structures as the course goes on. The following page describes the Backus-Naur Form that we discussed in class. This should be familiar to many of you from Automata or Compiler Theory classes:

We then discuss Structured vs. Unstructured data and the technique of data extraction (or, sometimes, feature extraction).

Following that, we proceed to demonstrate the use of the following utilities in Remnux that provide this capability:

Slides: lecture-w04-1.pdf (PDF)

Video: CS7038: Wk04.1 - Static Analysis Introduction