Malware analysis can be conducted in various manners. An investigator gathers a suspicious executable file and uploads it to VirusTotal in order to confirm whether the file is malicious, provide information about its functionality, and provide information that will allow to produce simple network signatures. What type of malware analysis was performed here?
The malware analysis performed in this case is dynamic. This is because the file is uploaded to VirusTotal, which not only scans it with multiple antivirus engines but also analyzes it in a sandbox environment to observe its behavior when executed. Dynamic analysis involves executing the file in a controlled environment to examine its behavior, which is a key feature of the service provided by VirusTotal.
B. Static In static malware analysis, the file is examined without executing it. VirusTotal performs a static analysis by scanning the file with multiple antivirus engines and provides information about its potential malicious behavior based on signatures, without running the file in a live environment.