Summary
Both approaches to analysis, static and dynamic, have their means to extract information and are required to properly analyze a file. Before doing dynamic analysis, it is recommended to start with static analysis first. We stick to our goal of generating an analysis report from the information we get. The analyst is not limited to using just the tools and resources outlined here to conduct an analysis—any information from the internet is useful, but validating it with your own analysis will stand as proof. Taking all items from the file, such as notable text strings, imported API functions, system changes, code flows, and possible blocks of behaviors are important, as these may be useful when building an overview of the file.
The result of the static analysis draws together the approach and resources that need to be prepared for dynamic analysis. For example, if the static analysis identified the file as a Win32
PE file executable, then tools for analyzing PE files will need to be...