Keeps - Vocabulary
If you're having trouble understanding the jargon, this page provides a compiled list of terms for reference as you conduct your analysis. Sometimes things don't make sense simply because you're unsure of a term's meaning in the context of what you're reading. Hopefully, this helps!
- Dynamic Analysis
Also referred to as runtime analysis, this involves executing a malicious sample in a virtualized or sandboxed environment and observing its behavior while it runs: system-related (processes spawned, registry and service changes), network-related (DNS lookups, connections, downloads), and file-related (files created, modified, or deleted). One caveat: many samples check for a sandbox or virtual machine and change their behavior when they find one, so a quiet run does not prove a sample is benign.
- Entropy
Entropy is a measurement of the randomness in a file: how much uncertainty or unpredictability there is in its byte values. For a file it is usually expressed in bits per byte, from 0 (every byte identical) up to 8 (all 256 byte values equally likely). In the context of MA and RE, a file or section with entropy close to 8 often indicates that a malware sample is packed, compressed, or encrypted, because those transformations remove the structure found in ordinary code and text. High entropy is an indicator, not proof: legitimately compressed resources such as images, archives, and certificates score high as well.
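As an added example (not code from the original page), the following Python computes Shannon entropy in bits per byte and scans a blob for high-entropy windows, which is the check a simple packer-detection heuristic performs. The inputs are constructed inline: repetitive text, a SHA-256 counter stream standing in for encrypted or packed bytes, and a zero-filled region. The 7.0 bits-per-byte threshold and the 1024-byte window are assumptions chosen for this example, not standard values. Because the sample is never executed, this is also a static check.

```python
"""Shannon entropy as a packing indicator.

Added example, not code from the original page. Standard library only.
Sample inputs are constructed below so the script runs offline; none of
them is real malware.
"""
import hashlib
import math
from collections import Counter

# Assumed threshold (bits per byte); 8.0 is the maximum for byte data.
PACKED_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of data in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_regions(data: bytes, window: int = 1024,
                         threshold: float = PACKED_THRESHOLD) -> list:
    """Slide a non-overlapping window over data and return (offset, entropy)
    for every window at or above threshold. A packed or encrypted payload
    shows up as a contiguous run of such windows."""
    regions = []
    for off in range(0, max(len(data) - window + 1, 1), window):
        e = shannon_entropy(data[off:off + window])
        if e >= threshold:
            regions.append((off, round(e, 2)))
    return regions


def looks_packed(data: bytes, threshold: float = PACKED_THRESHOLD) -> bool:
    """Whole-file verdict: entropy at or above threshold."""
    return shannon_entropy(data) >= threshold


# Constructed inputs (assumptions for this example).
PLAIN_TEXT = b"This is an ordinary, highly repetitive configuration file. " * 64
# Deterministic pseudorandom bytes (SHA-256 in counter mode) standing in for
# an encrypted or packed payload; 128 * 32 = 4096 bytes.
ENCRYPTED = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(128))
ZEROS = b"\x00" * 4096  # e.g. an uninitialised data section
# A file laid out as text, then payload, then padding.
MIXED = PLAIN_TEXT + ENCRYPTED + ZEROS

if __name__ == "__main__":
    for name, blob in (("plain text", PLAIN_TEXT), ("encrypted", ENCRYPTED), ("zeros", ZEROS)):
        print(f"{name:11s} entropy={shannon_entropy(blob):.2f} packed={looks_packed(blob)}")
    print("high-entropy windows in MIXED:", high_entropy_regions(MIXED))
```

Whole-file entropy is dragged down by large low-entropy sections (here the text and the zero padding), so the windowed scan is what shows where the packed payload actually sits. Treat the result as a lead for a section-by-section look, not a verdict.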
- IOC (Indicator of Compromise)
An IOC is “pieces of forensic data, such as data found in system log entries or files, that identify potentially malicious activity on a system or network.” Common examples are file hashes, IP addresses, domain names, file paths, and mutex names observed in a known attack.
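The following Python is an added example (not code from the original page) of what is done with IOCs in practice: a small indicator set of hash, IP, and domain values is matched against log lines and file contents. Everything in it is constructed for illustration and assumed for this example: the IP addresses are from documentation ranges, the domain is a reserved example domain, the log lines and "dropper" bytes are made up, and the grouping of the IOC set by type is this example's own layout.

```python
"""Matching a small IOC set against host and network evidence.

Added example, not code from the original page. Standard library only.
The IOC values, log lines and file bytes below are constructed for
illustration (documentation IP ranges and a reserved example domain);
none of them is a real indicator.
"""
import hashlib
import ipaddress
import re

# Constructed file content standing in for a dropper; its hash is the file IOC.
DROPPER_BYTES = b"MZ\x90\x00 constructed dropper payload, not a real sample"
DROPPER_SHA256 = hashlib.sha256(DROPPER_BYTES).hexdigest()

# IOC set grouped by indicator type (the grouping is this example's own layout).
IOCS = {
    "sha256": {DROPPER_SHA256},
    "ipv4": {"203.0.113.45"},          # TEST-NET-3 documentation range
    "domain": {"update.example.net"},  # reserved example domain
}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Loose hostname pattern; it also catches things like "svchost.exe", which is
# harmless because only values present in the IOC set are reported.
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)

# Constructed log lines, not from any real system.
SAMPLE_LOGS = [
    "2024-03-01T10:15:02Z dns query client=10.0.0.7 qname=cdn.update.example.net. type=A",
    "2024-03-01T10:15:03Z firewall allow 10.0.0.7:51322 -> 203.0.113.45:443 proto=tcp",
    "2024-03-01T10:15:09Z firewall allow 10.0.0.7:51323 -> 198.51.100.10:443 proto=tcp",
    "2024-03-01T10:16:41Z process start pid=4412 image=C:\\Windows\\System32\\svchost.exe",
]


def normalise_domain(name: str) -> str:
    """Lower-case and strip a trailing dot so DNS-style names compare equal."""
    return name.lower().rstrip(".")


def matching_domain_ioc(name: str):
    """Return the IOC that covers name: an exact match or a parent domain, else None."""
    name = normalise_domain(name)
    for ioc in IOCS["domain"]:
        if name == ioc or name.endswith("." + ioc):
            return ioc
    return None


def match_log_line(line: str) -> list:
    """Return (ioc_type, observed_value, matched_ioc) for every IOC hit in line."""
    hits = []
    for ip in IPV4_RE.findall(line):
        try:
            ipaddress.ip_address(ip)  # drops things like 999.1.1.1 or version strings
        except ValueError:
            continue
        if ip in IOCS["ipv4"]:
            hits.append(("ipv4", ip, ip))
    for name in DOMAIN_RE.findall(line):
        ioc = matching_domain_ioc(name)
        if ioc:
            hits.append(("domain", normalise_domain(name), ioc))
    return hits


def match_file(contents: bytes) -> list:
    """Hash the file and report a hit if the digest is a known IOC."""
    digest = hashlib.sha256(contents).hexdigest()
    return [("sha256", digest, digest)] if digest in IOCS["sha256"] else []


def scan_logs(lines) -> list:
    """Return (line_index, hits) for every line with at least one hit."""
    results = []
    for i, line in enumerate(lines):
        hits = match_log_line(line)
        if hits:
            results.append((i, hits))
    return results


if __name__ == "__main__":
    for i, hits in scan_logs(SAMPLE_LOGS):
        print(f"line {i}: {hits}")
    print("dropper:", match_file(DROPPER_BYTES))
```

Note that the domain match covers subdomains of the indicator, so the lookup for cdn.update.example.net is reported against update.example.net. Hash and IP indicators are the easiest for an adversary to change (repack the binary, move the server), which is why a miss on a matcher like this says little on its own.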
- ITW (In the Wild)
Meaning that a particular piece or type of malware has been observed in actual use against real targets, as opposed to existing only in a lab, a proof of concept, or a sample repository. For example, if someone says that bad.exe has been seen ITW, it just means they have seen it actively being leveraged in real attacks.
- MaaS (Malware-as-a-Service)
A term for the renting, leasing, or selling of malicious software (often together with the infrastructure and support to run it) to individuals who intend to use that code or malware to conduct cyber attacks. It lowers the skill and effort needed to launch an attack, since the buyer does not have to write the malware themselves.
- Malware Analysis
Malware Analysis is the examination of a piece of malicious code. Specifically, progressing through phases of increasing depth and effort, from static inspection of the sample through its execution in a sandbox to manual code analysis (the author borrows the tiered shape of the Pyramid of Pain as an analogy for these phases), will help determine functionality, the threat posed, and in some cases the origin.
- Static Analysis
At this stage the sample is not executed; instead the analyst manually examines its code and structure, for example the file headers, imports, strings, and disassembly. This type of analysis gives you a better understanding of the sample's structure and of what it could do before you ever run it.