I haven't got my rhythm back this year, but yesterday I finally started to close some open issues that were bothering me, and now I'm ready to start planning my to-do list so I can get back on track with my project.
Credit @malwarejunkie: There are two basic approaches to analyzing malware or any PUP. The first approach is to study the file(s) itself (static); the second approach is to execute the file (dynamic), if possible. Basic static analysis is the first part of static analysis. It is the process of analyzing the structure of the file by looking at it from the outside, without diving into the code, and guessing the function of the file based on things observed, such as imported and/or exported functions, ASCII and Unicode strings, etc. A DLL or an EXE can export a function, thus making it available to other EXEs and DLLs to import and use. Importing the necessary functions is done by linking (static, dynamic, or runtime).

Basic static analysis also involves looking at the PE (portable executable) header and sections to figure out information about the file, such as the compilation date, space requirements on disk and in memory (virtual), etc. Usually, if the size on disk is a lot less than the size in memory, and the number of imports and strings is a lot less than usual, we are most probably looking at a packed file.

A packed file contains the original binary file with a wrapper around it. When the packed file gets executed, it executes the wrapper program, which unpacks/decompresses the original binary file and usually executes it. So when you try to analyze a packed file statically, you can only analyze the wrapper program; this explains the small number of strings and imports compared to a regular unpacked file. To analyze the original binary file statically, you have to figure out which packer was used to pack the file, then try to unpack it and obtain the original binary file. This is a very basic overview of basic static analysis.
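As an added illustration of the PE checks described above (this is example code written for this post, not @malwarejunkie's tooling): a minimal parser that pulls the compile timestamp and the per-section disk vs. memory sizes from the COFF header and section table, extracts printable strings, and flags sections whose virtual size dwarfs their raw size. The input is a constructed, hand-built header with a UPX-style layout; the 4:1 ratio threshold is an arbitrary assumption, not a standard.

```python
import re
import struct
from datetime import datetime, timezone

def parse_pe(data: bytes) -> dict:
    """Read the COFF header and section table: compile timestamp, per-section disk vs memory size."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew -> offset of "PE\0\0"
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    sec_off = pe_off + 24 + opt_size                            # section table follows the optional header
    sections = []
    for i in range(nsec):
        name, vsize, _, rawsize = struct.unpack_from("<8sIII", data, sec_off + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize})
    return {"compiled": datetime.fromtimestamp(stamp, timezone.utc).isoformat(), "sections": sections}

def ascii_strings(data: bytes, min_len: int = 4) -> list:
    """Printable ASCII runs, like the output of the classic strings tool."""
    return [m.group().decode() for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def suspicious_sections(info: dict, ratio: float = 4.0) -> list:
    """Sections that are empty on disk or far larger in memory than on disk: the packer tell."""
    return [s["name"] for s in info["sections"]
            if s["raw_size"] == 0 or s["virtual_size"] / s["raw_size"] > ratio]

# Constructed sample: a hand-built header with a UPX-style layout (an empty UPX0 that is
# large in memory, a small UPX1 on disk). It is not a real executable and will not run.
def build_sample_pe() -> bytes:
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                     # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x5F5E1000, 0, 0, 224, 0x102)  # i386, 2 sections
    optional = struct.pack("<H", 0x10B) + b"\0" * 222                        # PE32 magic, rest zeroed
    def section(name, vsize, vaddr, rawsize, rawptr):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, 0)
    sections = section(b"UPX0", 0x10000, 0x1000, 0, 0x400) + section(b"UPX1", 0x400, 0x11000, 0x200, 0x400)
    body = b"\0" * 0x200 + b"GetProcAddress\0LoadLibraryA\0" + b"\x01\x02" * 64
    return dos + b"PE\0\0" + coff + optional + sections + body

if __name__ == "__main__":
    sample = build_sample_pe()
    info = parse_pe(sample)
    print("compiled:", info["compiled"])
    for s in info["sections"]:
        print(f"{s['name']:8} raw={s['raw_size']:#x} virtual={s['virtual_size']:#x}")
    print("strings:", ascii_strings(sample))
    print("possibly packed sections:", suspicious_sections(info))
```

On a real sample the same loop over the section table shows the typical packed shape: a tiny import set resolving little beyond the loader functions and a large, empty-on-disk section waiting to receive the unpacked code.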