ISSN: 2327-9176
Static analysis is a popular approach to malware detection. It provides a thorough analysis of the source code of portable executable (PE) files without executing them, allowing early-stage detection of malicious programs. Detecting a malicious file before it executes is highly effective in minimizing the risk of malware contaminating the system. Static analysis can be used to extract many features from the parsed PE file, such as section names, the order of the sections, the entropy of sections, imported DLLs, suspicious strings, usage of specific functions, code section snippets, etc. PE feature extraction is lightweight compared to dynamic approaches such as sandboxing, and it is not limited to a set of predefined signatures as in traditional anti-viruses.
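As an added illustration (not code from the paper), the following Python walks the PE section table of an in-memory image and reports, in file order, each section's name, raw size and Shannon entropy, which covers three of the features listed above. The sample image, the 7.0-bit "high entropy" threshold and all function names are constructed for this demonstration.

```python
import math
import struct

HIGH_ENTROPY_BITS = 7.0  # assumed heuristic threshold; packed/encrypted data is near 8.0


def shannon_entropy(blob: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, 8.0 for uniform."""
    if not blob:
        return 0.0
    counts = [0] * 256
    for b in blob:
        counts[b] += 1
    n = len(blob)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def extract_pe_section_features(data: bytes) -> list[dict]:
    """Parse DOS header -> NT headers -> section table, without executing anything."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]       # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                       # 20-byte COFF file header
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]   # SizeOfOptionalHeader
    sec_table = coff + 20 + opt_size                          # section headers, 40 bytes each
    features = []
    for i in range(num_sections):
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, sec_table + i * 40)
        ent = round(shannon_entropy(data[raw_ptr:raw_ptr + raw_size]), 3)
        features.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "raw_size": raw_size, "entropy": ent,
                         "high_entropy": ent > HIGH_ENTROPY_BITS})
    return features


def build_sample_pe() -> bytes:
    """Constructed, minimal PE-shaped image (not a runnable executable) with a
    low-entropy .text (16 distinct bytes) and a uniform, packer-like .packed section."""
    sections = [(b".text", bytes(range(16)) * 32),
                (b".packed", bytes((i * 73 + 11) % 256 for i in range(512)))]
    img = bytearray(0x500)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                   # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    # Machine=i386, NumberOfSections, TimeDateStamp, SymTab ptr, NumSyms, SizeOfOptionalHeader=0, Characteristics
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    raw_ptr = 0x100
    for i, (name, body) in enumerate(sections):
        struct.pack_into("<8sIIIIIIHHI", img, 0x58 + i * 40, name.ljust(8, b"\0"), len(body),
                         0x1000 * (i + 1), len(body), raw_ptr, 0, 0, 0, 0, 0x60000020)
        img[raw_ptr:raw_ptr + len(body)] = body
        raw_ptr += len(body)
    return bytes(img)
```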