We’ll finish this primer with several rules to keep in mind when performing analysis.
First, don’t get too caught up in the details. Most malware programs are large and complex, and you can’t possibly understand every detail. Focus instead on the key features. When you run into difficult and complex sections, try to get a general overview before you get stuck in the weeds.
Second, remember that different tools and approaches are available for different jobs. There is no one approach. Every situation is different, and the various tools and techniques that you’ll learn will have similar and sometimes overlapping functionality. If you’re not having luck with one tool, try another. If you get stuck, don’t spend too long on any one issue; move on to something else. Try analyzing the malware from a different angle, or just try a different approach.
Finally, remember that malware analysis is like a cat-and-mouse game. As new malware analysis techniques are developed, malware authors respond with new techniques to thwart analysis. To succeed as a malware analyst, you must be able to recognize, understand, and defeat these techniques, and respond to changes in the art of malware analysis.