malware-analyst
Expert malware analyst specializing in defensive malware research, threat intelligence, and incident response. Masters sandbox analysis, behavioral analysis, and malware family identification. Handles static/dynamic analysis, unpacking, and IOC extraction. Use PROACTIVELY for malware triage, threat hunting, incident response, or security research.
Download and extract to your skills directory
Copy command and send to OpenClaw for auto-install:
Download and install this skill https://openskills.cc/api/download?slug=sickn33-skills-malware-analyst&locale=en&source=copy
Malware Analyst - Malicious Software Analysis Expert Skills
Skill Overview
Malware Analyst is an AI analysis skill focused on defensive malware research. It provides comprehensive malware sample analysis capabilities—from static analysis to dynamic sandbox execution—helping security analysts quickly complete sample classification, IOC extraction, and threat intelligence generation.
Use Cases
1. Incident Response and Emergency Handling
When a security team discovers a suspicious sample, the skill can quickly classify the malware, extract network IOCs, and identify persistence mechanisms, providing the intelligence needed to block and remediate.
2. Threat Hunting and Intelligence Research
Through in-depth behavioral analysis and family identification of samples, it correlates them with known threat groups and tracks attackers' TTPs (tactics, techniques, and procedures).
3. CTF Competitions and Security Learning
It offers a complete analysis framework for security practitioners and students, covering practical techniques such as packer detection, string extraction, and deobfuscation.
Core Functions
1. Static and Dynamic Analysis Engine
Supports static analysis such as file hash identification, import table analysis, string extraction, and packer detection, as well as dynamic analysis capabilities including sandbox behavior monitoring, network traffic capture, and registry change tracking.
2. Automatic IOC Extraction
Automatically extracts threat indicators: network indicators (IPs, domains, URLs), host indicators (created file paths, file hashes, mutexes), and registry modification points; it also supports generating YARA detection rules from them.
3. Behavioral Feature Recognition
Identifies common persistence mechanisms (registry Run keys, scheduled tasks, WMI subscriptions), anti-virtual machine/anti-debugging techniques, process injection, C2 communication patterns, and other malicious behavioral features.
Frequently Asked Questions
What is the complete workflow for malware analysis?
The full workflow typically includes four stages: initial identification (file hash and type determination), static analysis (decompilation, strings, import tables), dynamic analysis (sandbox execution and behavior monitoring), and report generation (IOC extraction and threat rating).
What’s the difference between static analysis and dynamic analysis?
Static analysis does not execute malicious code; it infers behavior by examining file structure, strings, import/export tables, and similar artifacts. Dynamic analysis runs the sample in a controlled environment and directly observes its real behavior, such as network communication, file operations, and process activity. Combined, they produce a more complete profile of the sample.
How can packed and obfuscated malware be detected?
Packing can be identified with specialized tools such as Detect It Easy and Exeinfo PE, or through entropy analysis and section anomaly checks. Packed samples usually need to be unpacked first, with tools such as Unipacker or x64dbg with Scylla, before further analysis.
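The entropy and section-anomaly checks mentioned above, as an added example that is not part of this skill or of any tool named on this page: a Python script that parses the PE section table by hand, computes per-section Shannon entropy, and reports the usual packer signs (a near-random section, a section with no bytes on disk but a large virtual size, and non-standard section names). It runs on a constructed, benign PE-shaped blob built inside the block; the 7.0 threshold, the list of "normal" section names and the sample contents are assumptions.

```python
import math
import random
import struct
from collections import Counter

KNOWN = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata", ".bss", ".tls", ".pdata"}  # assumed "normal" names
# Constructed, benign contents (not a real sample): code-like text and seeded pseudo-random bytes.
_rng = random.Random(42)
_PLAIN = (b"push ebp; mov ebp, esp; call CreateFileA; ret; " * 64)[:2048]
_PACKED = bytes(_rng.getrandbits(8) for _ in range(4096))

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def build_pe(sections):
    """Minimal PE-shaped blob from [(name, raw_bytes, virtual_size)]: headers, section table, raw data."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)  # 224-byte zeroed optional header
    table, raw, ptr = b"", b"", 64 + 4 + 20 + 224 + 40 * len(sections)
    for i, (name, data, vsize) in enumerate(sections):
        table += struct.pack("<8sIIII", name, vsize, 0x1000 * (i + 1), len(data), ptr) + b"\0" * 16
        raw, ptr = raw + data, ptr + len(data)
    return dos + b"PE\0\0" + coff + b"\0" * 224 + table + raw

def pe_sections(pe: bytes):
    """Walk the section table; yield (name, virtual_size, raw_bytes) for each section."""
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0] if pe[:2] == b"MZ" else -1
    if pe_off < 0 or pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    n_sec, opt_size = struct.unpack_from("<H", pe, pe_off + 6)[0], struct.unpack_from("<H", pe, pe_off + 20)[0]
    for i in range(n_sec):
        name, vsize, _va, rsize, rptr = struct.unpack_from("<8sIIII", pe, pe_off + 24 + opt_size + 40 * i)
        yield name.rstrip(b"\0").decode("ascii", "replace"), vsize, pe[rptr:rptr + rsize]

def packer_indicators(pe: bytes, threshold: float = 7.0):
    """Findings that point at packing; an empty list means none of the three checks fired."""
    findings = []
    for name, vsize, data in pe_sections(pe):
        ent = shannon_entropy(data)
        if ent >= threshold:          # compressed or encrypted payload
            findings.append(f"{name}: entropy {ent:.2f} >= {threshold}")
        if not data and vsize:        # nothing on disk, memory reserved for the stub to fill
            findings.append(f"{name}: raw size 0 but virtual size {vsize:#x}")
        if name not in KNOWN:         # UPX0/UPX1-style names
            findings.append(f"{name}: non-standard section name")
    return findings
PACKED_PE = build_pe([(b"UPX0", b"", 0x20000), (b"UPX1", _PACKED, 0x1000), (b".rsrc", _PLAIN, 0x800)])
CLEAN_PE = build_pe([(b".text", _PLAIN, 0x800), (b".data", b"\0" * 512, 0x200)])
```

Against a real file, pass `open(path, "rb").read()` to `packer_indicators` and treat the findings as triage hints to confirm in a sandbox, not as a verdict.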