
Malware Analysis | Training Camp
Global Accelerated Learning • Est. 1999

What is Malware Analysis?

Examining the structure and behavior of malicious software to support detection and response efforts.


Understanding Malware Analysis

Malware Analysis combines science and art to dissect malicious software and understand its capabilities, objectives, and potential impact. Analysts typically employ multiple techniques, working from surface-level behavioral observation to deep technical dissection.

Static analysis examines the malware without executing it—looking at file structure, embedded strings, and code patterns to identify malicious indicators. Dynamic analysis runs the malware in isolated environments to observe its behavior—what files it creates or modifies, network connections it attempts, and system changes it makes. Advanced techniques include memory forensics (examining runtime structures), code emulation (simulating execution without actually running the code), and manual reverse engineering (decompiling the malware to understand its internal logic). Each approach reveals different aspects of the malware's functionality.

Organizations conduct malware analysis for multiple purposes: to develop detection signatures, understand attacker techniques, assess potential damage from incidents, and extract indicators of compromise to search for in their environment. Effective analysis requires specialized tools, isolated laboratory environments, and analysts skilled in programming, operating system internals, and network protocols.
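The static analysis step described above (file structure, embedded strings, indicators of compromise) can be sketched as a small triage script. This is an added example, not part of the original glossary entry; the sample bytes, the indicator patterns and the function names are all constructed for illustration, and nothing is executed from the file being inspected.

```python
import hashlib
import re

# Constructed sample (not real malware): fake "MZ" header, filler bytes, and
# planted strings using reserved names (.invalid TLD, 192.0.2.0/24 TEST-NET-1).
SAMPLE = (
    b"MZ\x90\x00" + bytes(range(256)) * 2
    + b"\x00http://update.example.invalid/gate.php\x00\x01"
    + "192.0.2.10".encode("utf-16-le") + b"\x00\x00"
    + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
)

# Printable runs of 6+ characters, as single-byte ASCII and as UTF-16LE.
ASCII_RE = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")
# Illustrative indicator patterns; a real ruleset would be far larger.
INDICATORS = {
    "url": re.compile(r"https?://[^\s\"'<>]+"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "autorun_key": re.compile(r"(?i)software\\microsoft\\windows\\currentversion\\run\w*"),
}

def extract_strings(data):
    """Return printable strings found in the raw bytes, in both encodings."""
    out = [m.group().decode("ascii") for m in ASCII_RE.finditer(data)]
    out += [m.group().decode("utf-16-le") for m in UTF16_RE.finditer(data)]
    return out

def static_triage(data):
    """Hash the file, check its header magic, and pull indicators from strings."""
    strings = extract_strings(data)
    indicators = {
        name: sorted({hit for s in strings for hit in rx.findall(s)})
        for name, rx in INDICATORS.items()
    }
    return {
        "sha256": hashlib.sha256(data).hexdigest(),  # stable ID for hunting
        "is_pe_candidate": data[:2] == b"MZ",        # header magic check only
        "string_count": len(strings),
        "indicators": indicators,
    }

if __name__ == "__main__":
    for key, value in static_triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The UTF-16LE pass matters because Windows binaries often store strings as wide characters, which an ASCII-only scan would miss.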
