This chapter discusses multiple ways to extract useful information from executables, covering the following techniques:
Using antivirus tools to confirm maliciousness
Using hashes to identify malware
Gleaning information from a file’s strings, functions, and headers
Each technique can provide different information, and the ones you use depend on your goals. Typically, you’ll use several techniques to gather as much information as possible.