Malware Forensics

Comprehensive malware forensics skill for analyzing malicious software samples. Enables static and dynamic analysis, extraction of indicators of compromise, attribution research, and documentation of malware capabilities for incident response and threat intelligence.

Capabilities

• Static Analysis: Analyze malware without execution (strings, headers, imports)
• PE Analysis: Parse Windows executables, DLLs, and drivers
• Document Analysis: Analyze malicious Office documents and PDFs
• Script Analysis: Analyze malicious scripts (PowerShell, VBA, JavaScript)
• IOC Extraction: Extract IPs, domains, URLs, hashes, and other indicators
• YARA Scanning: Scan samples with YARA rules for identification
• String Analysis: Extract and categorize strings from samples
• Behavior Analysis: Document observed malware behavior
• Unpacking Support: Identify and document packed samples
• Attribution Analysis: Link samples to threat actors or campaigns

Quick Start