Performing Static Malware Analysis with PEStudio

When to Use

- A suspicious Windows executable has been collected and needs initial triage before sandbox execution
- You need to identify imports, strings, and resources that reveal malware functionality without running the sample
- Determining whether a PE file is packed, obfuscated, or contains anti-analysis techniques
- Extracting indicators of compromise (hashes, URLs, IPs, registry keys) embedded in a binary
- Classifying a sample's capabilities based on its import table and section characteristics

Do not use for dynamic behavioral analysi…