.

This chapter discusses multiple ways to extract useful information from executables. In this chapter, we’ll discuss the following techniques:

• Using antivirus tools to confirm maliciousness

• Using hashes to identify malware

• Gleaning information from a file’s strings, functions, and headers

Each technique can provide different information, and the ones you use depend on your goals. Typically, you’ll use several techniques to gather as much information as possible.