This content is open to everyone — sign in to save your progress, earn points, and unlock module exams.
Topic 2.5 of Fundamentals of Malware Analysis
Reading the IAT to infer malware behaviour before execution — suspicious API patterns, what a stripped IAT indicates, API hashing, and capability mapping with Capa.
By the end of this topic, you will
Quadrant 1 · e-Tutorial
Quick Bite
Quadrant 2 · e-Content
Quadrant 3 · Web Resources
Downloadable reference material
External links
Capa — Mandiant Capability Detection
Run against any PE to get MITRE ATT&CK mapped capabilities. Works even when imports are partially stripped.
MITRE ATT&CK — Windows API Technique Coverage
Browse ATT&CK techniques by tactic. Each technique lists the Windows APIs commonly used to implement it.
EpochZero Article — njRAT Static Analysis Walkthrough
Practical walkthrough of IAT analysis on a real RAT sample — PE structure, .NET decompilation, and IOC extraction.
Quadrant 4 · Self-Assessment
Fundamentals of Malware Analysis
Covers the analysis environment, PE file structure, static property examination, behavioural analysis, and dynamic code analysis of Windows executables.
REMA Complete Assessment
A comprehensive 120-question assessment covering the entire Reverse Engineering and Malware Analysis curriculum: malware taxonomy and reverse engineering fundamentals, static and dynamic analysis, reversing malicious code, malicious web and document files, in-depth analysis of packed and fileless malware, and self-defending malware techniques.