This repository includes two malware analysis exercises focused on static analysis techniques. Using tools such as VirusTotal, Hybrid Analysis, PEStudio, and REMnux, both labs demonstrate how to extract behavioral traits and file characteristics without executing the malware.
- LAB01_TWINING.pdf: Emotet malware analyzed using VirusTotal and Hybrid Analysis, with focus on behavioral detection, hash lookup, and TTP identification.
- Basic_Static_Analysis_TWINING.pdf: Keylogger sample examined using the REMnux `strings` utility, PEStudio scanning, and VirusTotal signature validation to identify the imphash and behavioral indicators.
- Hash-based lookup with VirusTotal
- Yara rule discovery and reuse
- PE metadata extraction using PEStudio
- String analysis and section inspection via REMnux
- MITRE ATT&CK TTP mapping
- Imphash generation for signature-based detection
- Static detection of packers, obfuscation, and suspicious API usage
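Added example (not code from either lab or from this repository): a pure-Python implementation of the imphash algorithm that VirusTotal and PEStudio report, applied to a constructed import list resembling a keylogger's import table. It assumes the import list has already been parsed out of the PE; the known-ordinal name tables that pefile uses for ws2_32 and oleaut32 are intentionally omitted, so imports by ordinal from those two DLLs will hash differently here than in pefile.

```python
"""Imphash: MD5 over the ordered, normalized 'dll.function' import list.

Two samples with the same compiler, same linked imports and same link
order share an imphash, which is why it works as a family signature
and why repacking or reordering imports breaks the match.
"""
import hashlib

# Extensions the imphash algorithm strips from the module name.
STRIPPED_EXTENSIONS = ("dll", "ocx", "sys")


def normalize_import(dll_name, symbol):
    """Return the 'dll.func' token for one import.

    symbol is a function name (str) or, for imports by ordinal, an int.
    """
    dll = dll_name.lower()
    base, dot, ext = dll.rpartition(".")
    if dot and ext in STRIPPED_EXTENSIONS:
        dll = base
    if isinstance(symbol, int):
        # Assumption: no ordinal-to-name table; pefile resolves known
        # ws2_32/oleaut32 ordinals to names before hashing.
        func = "ord%d" % symbol
    else:
        func = symbol.lower()
    return "%s.%s" % (dll, func)


def imphash_string(imports):
    """The comma-joined string that actually gets hashed (order matters)."""
    return ",".join(normalize_import(dll, sym) for dll, sym in imports)


def imphash(imports):
    """Hex MD5 of the normalized import string, i.e. the imphash."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed sample import table, in link order, typical of a keylogger:
# hook installation, key state polling, and file output.
SAMPLE_IMPORTS = [
    ("USER32.dll", "SetWindowsHookExA"),
    ("USER32.dll", "GetAsyncKeyState"),
    ("KERNEL32.dll", "CreateFileA"),
    ("KERNEL32.dll", "WriteFile"),
    ("WS2_32.dll", 23),  # import by ordinal, no name in the PE
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print("imphash:", imphash(SAMPLE_IMPORTS))
```

The printed hash can be compared directly against the imphash field VirusTotal shows for a sample; if the import table is reordered the hash changes, which the test below checks.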
- REMnux (`strings`, hashing tools)
- PEStudio (Windows static analysis)
- VirusTotal (file intelligence, vendor flagging, imphash)
- Hybrid Analysis (sandboxed TTP breakdown and threat classification)
Michael Twining
Cybersecurity Researcher | Malware Analysis | GitHub: @usrtem
📫 michael.twining@outlook.com
🌐 LinkedIn | YouTube
This project is licensed under the Creative Commons Attribution 4.0 International License.