Static Analysis
Strings and headers.
What Is Static Analysis?
Static analysis examines a malware sample without running it. You inspect the file's contents, structure, and metadata to learn what it might do.
It is safer than running unknown code and is usually the first step in any malware investigation.
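The two checks named in this lesson's subtitle, strings and headers, shown as an added example that is not part of the original course material. It reads a Windows PE file purely as bytes; the function names and the inert sample bytes are constructed for illustration.

```python
import re
import struct
from datetime import datetime, timezone

MACHINES = {0x014C: "x86", 0x8664: "x64", 0xAA64: "ARM64"}

def extract_strings(data: bytes, min_len: int = 5) -> list[str]:
    """Printable ASCII and UTF-16LE runs, similar to the `strings` utility."""
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    return ([r.decode("ascii") for r in ascii_runs]
            + [r.decode("utf-16le") for r in wide_runs])

def parse_pe_header(data: bytes) -> dict:
    """Read the COFF file header; offsets are bounds-checked, nothing is executed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing or out of bounds")
    machine, sections, stamp, _, _, _, flags = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "sections": sections,
        # Written by the linker and easily forged: a hint, not evidence.
        "compiled_utc": datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat(),
        "is_dll": bool(flags & 0x2000),  # IMAGE_FILE_DLL
    }

def build_sample() -> bytes:
    """Constructed, inert bytes: a header plus two embedded strings, no code."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack(
        "<HHIIIHH", 0x8664, 2, 1700000000, 0, 0, 0xF0, 0x2022)
    body = (b"\x00" * 16 + b"http://example.invalid/gate.php" + b"\x01\x02"
            + "cmd.exe /c".encode("utf-16le") + b"\x00\x00abc")
    return dos + coff + body

if __name__ == "__main__":
    sample = build_sample()
    print(parse_pe_header(sample))
    for s in extract_strings(sample):
        print(s)
```

The wide-string pass matters because Windows binaries often store text as UTF-16LE, which a plain ASCII scan skips.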
Work Safely
Even static analysis should happen in an isolated environment: a dedicated analysis VM with no sensitive data, ideally with networking disabled.
Never analyze malware on your primary machine. Accidental execution or a malicious archive could compromise it.