| Technique | What It Tells You | Tools |
|---|---|---|
| Strings Analysis | URLs, IPs, registry keys, file paths, crypto functions | strings.exe, FLOSS |
| PE Header Analysis | Compile time, imported functions, packed sections | PEStudio, PE-bear |
| YARA Rules | Pattern matching to identify malware families | yara, yarGen |
| Dynamic Analysis | What the sample actually does when run | Cuckoo Sandbox, ANY.RUN |
| Network Analysis | C2 communication, data exfiltration | Wireshark, FakeNet |
| Disassembly | Low-level code logic | Ghidra, IDA Free, Binary Ninja |