Malware Analysis examines malicious code to determine functionality, origin, behavior, and indicators of compromise (IoC) used in detection and prevention.
Malware analysis is the process of dissecting malicious files (viruses, ransomware, trojans, spyware) to understand what they do, how they propagate, what data they exfiltrate, and how they can be detected. The MICAN.ro team uses static analysis techniques (reverse engineering) and dynamic analysis (sandbox execution) to extract IoCs and build detection rules for companies in Romania.
Static analysis: we examine the file without executing it (strings, PE headers, obfuscation detection, disassembly with IDA Pro/Ghidra). Dynamic analysis: we execute the malware in an isolated environment (sandbox, VM) and monitor it (Process Monitor, Wireshark, API monitoring) to observe its behavior: registry changes, file operations, network connections, process injection. We extract IoCs (IPs, domains, hashes, mutex names) for SIEM and EDR.
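As an added illustration of the static-analysis step described above (example code written for this page, not MICAN.ro's own tooling), the script below walks a PE file header, flags high-entropy regions as a packing/obfuscation hint, and pulls IoC candidates (IPs, domains, mutex names) out of embedded strings. The sample image, the domain `c2.example-placeholder.ro`, the IP `192.0.2.45` and the mutex name are all constructed for the demo.

```python
import math
import re
import struct
from datetime import datetime, timezone

# Patterns for IoC candidates found in printable strings.
IP_RE = re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(rb"\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.(?:com|net|org|ro|info)\b", re.I)
MUTEX_RE = re.compile(rb"(?:Global|Local)\\[\w-]+")
MACHINES = {0x14C: "x86", 0x8664: "x64"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain code/data sits around 5-6.5, packed or encrypted payloads near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in (data.count(b) for b in set(data)))

def parse_pe_header(blob: bytes) -> dict:
    """Follow e_lfanew from the DOS header to the COFF file header."""
    if blob[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    machine, nsections, ts = struct.unpack_from("<HHI", blob, e_lfanew + 4)
    return {"machine": MACHINES.get(machine, hex(machine)), "sections": nsections,
            "compile_time": datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()}

def high_entropy_windows(blob: bytes, window: int = 256, threshold: float = 7.2) -> list:
    """Offsets of fixed-size windows whose entropy suggests packing/obfuscation."""
    return [off for off in range(0, len(blob) - window + 1, window)
            if shannon_entropy(blob[off:off + window]) >= threshold]

def triage(blob: bytes) -> dict:
    """Static triage: header facts, packing hint, and IoC candidates for SIEM/EDR rules."""
    report = parse_pe_header(blob)
    report["packed_regions"] = high_entropy_windows(blob)
    report["ips"] = sorted(m.decode() for m in IP_RE.findall(blob))
    report["domains"] = sorted(m.decode() for m in DOMAIN_RE.findall(blob))
    report["mutexes"] = sorted(m.decode() for m in MUTEX_RE.findall(blob))
    return report

# Constructed sample: a minimal PE header, a few embedded strings, then a
# 1 KiB region holding every byte value four times (entropy 8.0, like a packed payload).
SAMPLE = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
          + struct.pack("<HHI", 0x8664, 3, 0x5F000000)
          + b"\0" * 16 + b"http://c2.example-placeholder.ro/gate\0"
          + b"192.0.2.45\0" + b"Global\\mtx_sample\0")
SAMPLE += b"\0" * (256 - len(SAMPLE)) + bytes(range(256)) * 4
```

Run `triage(SAMPLE)` to get the header facts, the offsets of the high-entropy region and the extracted IoC candidates; on a real sample the IoCs still need analyst review before they go into SIEM or EDR rules.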
When your company in Romania is infected with unknown malware (custom ransomware, APT), classic antivirus solutions do not detect it. Malware Analysis identifies what that malware does, what servers it contacts, what data it steals, and how to block it across your infrastructure. It is essential for incident response, threat hunting, and building custom detection rules.
This service is intended for companies in Romania that have detected suspicious files, ransomware victims wanting to understand the attack, organizations with threat intelligence programs, SOC/incident response teams needing IoCs for detection, and companies targeted by an APT that want to understand the attacker.