A foundational look at what malware is, why analysis matters, and how the field is structured around reading the story a binary tells.
⚡ Quick Bite · 20s
What truly constitutes malicious software? Spyware, ransomware, and rootkits — classification as your first line of defence.
Watch this 20-second summary before diving into the full article. Sign in to earn 5 leaderboard points.
The word "malware" is short for malicious software. It covers any program designed to act against the interests of the person running it. That definition is deliberately broad. A twenty-line batch script that wipes a directory qualifies, and so does a state-sponsored implant that survives firmware reflashes and hard disk replacements.
What makes malware analysis worth studying is not the definition itself but the variety of what an analyst encounters in practice. Every sample tells a story: who built it, what they wanted, how they tried to conceal it, and where they made mistakes. The analyst's job is to read that story from the binary.
Three audiences benefit directly from understanding how malware operates:
This course is organised around the question: given a suspicious binary, what does an analyst actually do? The answer unfolds over six units.
A new sample is rarely understood by staring at it. The analyst follows a structured sequence:
Each step answers a progressively deeper question. Not every sample requires all five — a known commodity dropper can be identified at step 1; a novel state-sponsored implant requires every step over days of work.
Unit 1 covers the foundational vocabulary and mental models needed before the first hands-on lab:
By the end of this unit, you should be able to look at a malware report and understand the vocabulary, recognise the techniques described, and know which tool to reach for at each stage of analysis.
Sign in to mark this article as read and track your progress.