Overview of static methods of analysis malicious software

Abstract

In today's world, the problem of losses from the actions of malicious software (or ordinary software, which has the characteristics of undeclared functions) continues to be extremely relevant. Therefore, the creation and modification of anti-virus solutions for protection and analysis of malware (software) is a relevant and promising area of research. This is due to the lack of a single, universal method that provides 100% finding malicious code. The paper considers the composition and main components of static analysis. The main methods of static analysis is identified, and relevant examples of almost all of them are given. Got concluded that the main advantages of static analysis are that by using a relatively simple set of commands and tools, it is possible to perform malware analysis and partially understand how it works. Attention is drawn to the fact that static analysis does not give 100% certainty that the investigated software is malicious. With this in mind, to provide a more meaningful analysis, you need to collect as much data as possible about the structure of the file, its possible functions, etc. Analysis of files for the possible presence of malicious code is provided through the use of appropriate programs to view their structure and composition. A more informative way is to analyze the Portable Executable format. It consists of the analysis of various sections of the code of fields and resources. Since static analysis does not always provide the required level of guarantees, it is better to use machine learning algorithms at the stage of making the final classification decision (malicious or not). This approach will make it possible to process large data sets with greater accuracy in determining the nature of the software is analyzed. The main purpose of this work is to analyze the existing methods of static malware analysis, and review the features of their further development.