ClamAV
The first step in static analysis is to determine whether the potential malware under analysis has already been identified. A single sample's hash can be submitted to a site such as VirusTotal, but a responder who has acquired several files during an investigation needs a way to determine which of them, if any, warrant further examination.
One technique is to scan the whole directory with an antivirus engine. A free, open source tool that can be leveraged for this is ClamAV, a command-line scanner that examines a directory of files in a variety of formats and flags those that match known malware signatures. Suspicious files it identifies can then be analyzed further by the responder.
To set up ClamAV, download the package at https://www.clamav.net/downloads. In this example, we will use the Windows MSI file to install ClamAV.
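Once ClamAV is installed, the scan itself is a single clamscan invocation, but the responder still has to turn its output into a list of files worth examining. The following script is an added example, not part of the original text and not ClamAV's own code: it runs clamscan recursively over a directory of acquired files, keeps only the lines ClamAV marks FOUND, and records the SHA-256 of each flagged file so the hash can be submitted to VirusTotal. It assumes the clamscan binary (clamscan.exe on a Windows install) is on the PATH and that the signature database has already been downloaded with freshclam; the directory path and the sample output used for illustration are constructed.

```python
"""Triage a directory of acquired files with ClamAV and list what warrants a closer look."""
import hashlib
import re
import subprocess
import sys
from pathlib import Path

# clamscan prints one line per file: "<path>: <signature> FOUND" or "<path>: OK".
# With --infected (-i) only FOUND lines are printed; --no-summary drops the trailer.
_FOUND_RE = re.compile(r"^(?P<path>.+?): (?P<sig>\S+) FOUND$")


def parse_clamscan_output(text: str) -> dict:
    """Map each flagged path to the signature name that fired; OK lines are ignored."""
    hits = {}
    for line in text.splitlines():
        m = _FOUND_RE.match(line.strip())
        if m:
            hits[m.group("path")] = m.group("sig")
    return hits


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large acquisitions do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_directory(directory: str, clamscan: str = "clamscan") -> dict:
    """Run clamscan recursively and return {path: {"signature": ..., "sha256": ...}}.

    clamscan exit status: 0 = nothing found, 1 = at least one FOUND, 2 = error
    (for example, no signature database). Only status 2 is treated as a failure.
    """
    proc = subprocess.run(
        [clamscan, "-r", "-i", "--no-summary", directory],
        capture_output=True, text=True,
    )
    if proc.returncode == 2:
        raise RuntimeError("clamscan failed: " + (proc.stderr.strip() or proc.stdout.strip()))
    hits = parse_clamscan_output(proc.stdout)
    return {p: {"signature": sig, "sha256": sha256_file(Path(p))} for p, sig in hits.items()}


if __name__ == "__main__":
    # Usage: python clam_triage.py <directory>   (directory name is whatever was acquired)
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, info in scan_directory(target).items():
        print(f"{info['sha256']}  {info['signature']}  {path}")
```

Files that come back clean are not necessarily benign; a miss only means no signature in the current database matched, so files that are unusual for the host (unsigned executables, recently created binaries) should still be examined by hand.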
The efficacy of ClamAV is largely dependent on the signatures that are included as part of the scanning package...