Malware Analysis Framework from Static to Dynamic Analysis

Document Type

Journal Article


School of Computer and Information Science, Edith Cowan University

Computing, Health and Science

Computer and Information Science, Centre for Security Research


This article was originally published as: El-moussa, F., & Jones, A. (2008). Malware Analysis Framework from Static to Dynamic Analysis. Journal of Information Warfare, 7(3), 23-34.


Today, malicious software on networks is the major threat to internet security. Analysis of malicious software is a multi-step process that can provide insight into its structure, functionality and behaviour, and that insight can be used to create an antidote. This paper focuses on how the analysis of malicious software can be used, and on how details of events gathered from an infected system can be used to detect a new infection. This strategy makes it possible to detect an infection on a honeypot that has been deployed to detect zero-day attacks. The paper demonstrates the steps taken in the analysis of malicious software, from static to dynamic analysis, and then applies the same methodology to analyse an infection on the honeypot. It concludes with an explanation of the difference between the static and dynamic analysis of malicious code.