# Static Analysis

Here the malware is analyzed without being executed, using its headers, file properties, strings, etc.

## Steps to conduct Static Analysis

1. Check the file type using `file [malware]`. It identifies the format from the file's content, so it verifies the actual type of the malware whatever its extension claims.
2. Check strings using `strings [file]`.
3. Calculate the file hash using `md5sum`, `sha256sum`, or `sha1sum`. The obtained hash can be used for further analysis with external tools like VirusTotal.

#### **Checking PE Headers**

PE headers provide metadata about the executable under analysis and insight into how it was built. They also list the functions imported from other libraries. The file has the following three sections:

* **.text:** This section generally contains the CPU instructions executed when the PE file is run. This section is marked as executable.
* **.data:** This Section contains the global variables and other global data used by the PE file.
* **.rsrc:** This section contains resources that are used by the PE file, such as images, icons, etc.
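
The section names and the executable marking described above can be read directly from the PE section table. The following Python code is an added example, not part of the original page: the function names are hypothetical, and the sample bytes are a constructed header-only image rather than a real binary.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000  # section characteristics bit: executable

def parse_sections(data: bytes):
    """Return [(name, raw_size, characteristics)] from a PE section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ (DOS) signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
    _, count, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    sections = []
    for i in range(count):
        off = table + i * 40  # each section header is 40 bytes
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        (raw_size,) = struct.unpack_from("<I", data, off + 16)
        (flags,) = struct.unpack_from("<I", data, off + 36)
        sections.append((name, raw_size, flags))
    return sections

def executable_sections(sections):
    """Names of sections whose characteristics include the execute bit."""
    return [n for n, _, f in sections if f & IMAGE_SCN_MEM_EXECUTE]

def build_sample() -> bytes:
    """Constructed header-only PE image (not a real binary) for the demo."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0, 0x0102)
    def sec(name, size, flags):
        return struct.pack("<8sIIIIIIHHI", name, size, 0, size, 0, 0, 0, 0, 0, flags)
    table = (sec(b".text", 0x1000, 0x60000020)    # code, execute, read
             + sec(b".data", 0x200, 0xC0000040)   # initialized data, read, write
             + sec(b".rsrc", 0x400, 0x40000040))  # initialized data, read
    return dos + b"PE\0\0" + coff + table

if __name__ == "__main__":
    secs = parse_sections(build_sample())
    for name, size, flags in secs:
        print(f"{name:8} raw_size={size:#x} characteristics={flags:#010x}")
    print("executable:", executable_sections(secs))
```

To inspect a real sample, pass the file's bytes (read in binary mode) to `parse_sections`; the file is only parsed, never executed.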

#### PECheck
