What do you think?
Rate this book
Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
Malware analysis is big business, and attacks can cost a company dearly. When malware breaches your defenses, you need to act quickly to cure current infections and prevent future ones from occurring.
For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way.
You'll learn how to:
–Set up a safe virtual environment to analyze malware
–Quickly extract network signatures and host-based indicators
–Use key analysis tools like IDA Pro, OllyDbg, and WinDbg
–Overcome malware tricks like obfuscation, anti-disassembly, anti-debugging, and anti-virtual machine techniques
–Use your newfound knowledge of Windows internals for malware analysis
–Develop a methodology for unpacking malware and get practical experience with five of the most popular packers
–Analyze special cases of malware with shellcode, C++, and 64-bit code
Hands-on labs throughout the book challenge you to practice and synthesize your skills as you dissect real malware samples, and pages of detailed dissections offer an over-the-shoulder look at how the pros do it. You'll learn how to crack open malware to see how it really works, determine what damage it has done, thoroughly clean your network, and ensure that the malware never comes back.
Malware analysis is a cat-and-mouse game with rules that are constantly changing, so make sure you have the fundamentals. Whether you're tasked with securing one network or a thousand networks, or you're making a living as a malware analyst, you'll find what you need to succeed in Practical Malware Analysis .
For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way.
You'll learn how to:
–Set up a safe virtual environment to analyze malware
–Quickly extract network signatures and host-based indicators
–Use key analysis tools like IDA Pro, OllyDbg, and WinDbg
–Overcome malware tricks like obfuscation, anti-disassembly, anti-debugging, and anti-virtual machine techniques
–Use your newfound knowledge of Windows internals for malware analysis
–Develop a methodology for unpacking malware and get practical experience with five of the most popular packers
–Analyze special cases of malware with shellcode, C++, and 64-bit code
Hands-on labs throughout the book challenge you to practice and synthesize your skills as you dissect real malware samples, and pages of detailed dissections offer an over-the-shoulder look at how the pros do it. You'll learn how to crack open malware to see how it really works, determine what damage it has done, thoroughly clean your network, and ensure that the malware never comes back.
Malware analysis is a cat-and-mouse game with rules that are constantly changing, so make sure you have the fundamentals. Whether you're tasked with securing one network or a thousand networks, or you're making a living as a malware analyst, you'll find what you need to succeed in Practical Malware Analysis .
800 pages, Paperback
First published July 15, 2011
270 people are currently reading
2470 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 30 of 31 reviews
June 13, 2016
Written by Mandiant experts, this is THE BOOK to read if you interested in malware analysis and reverse engineering. Practical, concise and easy to read, it assumes no prior knowledge and will get you started even if you are a complete beginner.
October 1, 2018
While outdated in terms of the labs and operating system, there is no better text for introducing malware analysis to the uninitiated. The authors dive in with you, carefully unfolding each layer of investigation, building on knowledge rapidly, and providing enabling outcomes that build confidence. The span of coverage from entropy analysis and disassembly analysis to Internet simulation and kernel debugging, allow the reader to develop a workable toolset. The move to RegEx and profile development make possible precision responses to custom maleware that can slip through even many of the current generation of automated defenses.
Once you've read this book, consider moving to decompiling at least for initial work, and take advantage of newer sandboxing methods for pre-work. Also, realize that operating systems have evolved and one should be considering recent evolution in OS caching and stack modifications.
With this book now a seminal work, Sikorski and Honig leave the community heavily in their debt.
Once you've read this book, consider moving to decompiling at least for initial work, and take advantage of newer sandboxing methods for pre-work. Also, realize that operating systems have evolved and one should be considering recent evolution in OS caching and stack modifications.
With this book now a seminal work, Sikorski and Honig leave the community heavily in their debt.
July 14, 2012
One of the few book about the reverse engineering of malware. The scarcity alone makes the book worth reading.
December 6, 2018
A lot of the book shows its age, but it is packed with very useful information
The attack examples were useful. A lot of information about Windows and the analysis techniques used to examine the malware.
The attack examples were useful. A lot of information about Windows and the analysis techniques used to examine the malware.
August 9, 2025
𝕀'𝕞 𝕚𝕞𝕡𝕣𝕖𝕤𝕤𝕖𝕕, 𝕥𝕠 𝕞𝕖 𝕀 𝕓𝕖𝕝𝕚𝕖𝕧𝕖 𝕤𝕠𝕞𝕖 𝕡𝕖𝕠𝕡𝕝𝕖 𝕤𝕙𝕠𝕦𝕝𝕕 𝕓𝕖 𝕔𝕒𝕝𝕝𝕖𝕕 𝕘𝕖𝕟𝕚𝕦𝕤 𝕚𝕟 𝕕𝕠𝕚𝕟𝕘 𝕨𝕙𝕒𝕥 𝕥𝕙𝕖𝕪 𝕜𝕟𝕠𝕨 𝕙𝕠𝕨 𝕥𝕠 𝕕𝕠 𝕓𝕖𝕤𝕥, 𝕨𝕙𝕖𝕟 𝕚𝕥 𝕔𝕠𝕞𝕖𝕤 𝕥𝕠 𝕕𝕖𝕒𝕝𝕚𝕟𝕘 𝕨𝕚𝕥𝕙 𝕘𝕖𝕥𝕥𝕚𝕟𝕘 𝕤𝕠𝕝𝕦𝕥𝕚𝕠𝕟𝕤 𝕒𝕟𝕕 𝕣𝕖𝕧𝕖𝕒𝕝𝕚𝕟𝕘 𝕤𝕖𝕔𝕣𝕖𝕥𝕤 𝕀 𝕔𝕒𝕟 𝕧𝕠𝕦𝕔𝕙 𝕗𝕠𝕣 𝕁𝔹𝔼𝔼 𝕊ℙ𝕐 𝕋𝔼𝔸𝕄 𝕙𝕒𝕔𝕜𝕚𝕟𝕘 𝕤𝕖𝕣𝕧𝕚𝕔𝕖𝕤 𝕒𝕤 𝕞𝕒𝕟𝕪 𝕥𝕚𝕞𝕖𝕤 𝕒𝕤 𝕡𝕠𝕤𝕤𝕚𝕓𝕝𝕖 𝕓𝕖𝕔𝕒𝕦𝕤𝕖 𝕠𝕗 𝕥𝕙𝕖 𝕓𝕣𝕚𝕝𝕝𝕚𝕒𝕟𝕥 𝕒𝕟𝕕 𝕤𝕦𝕡𝕖𝕣𝕓 𝕥𝕖𝕒𝕞𝕨𝕠𝕣𝕜 𝕥𝕙𝕖𝕪 𝕡𝕠𝕣𝕥𝕣𝕒𝕪𝕖𝕕. 𝕋𝕙𝕖𝕪 𝕒𝕣𝕖 𝕤𝕦𝕣𝕖𝕝𝕪 𝕥𝕙𝕖 𝕓𝕖𝕤𝕥 𝕀'𝕧𝕖 𝕤𝕖𝕖𝕟 𝕤𝕠 𝕗𝕒𝕣 𝕠𝕟 𝕀𝕟𝕤𝕥𝕒𝕘𝕣𝕒𝕞 𝕚𝕟 𝕞𝕪 𝕢𝕦𝕖𝕤𝕥 𝕗𝕠𝕣 𝕞𝕪 𝕕𝕖𝕤𝕚𝕣𝕖. 𝔼𝕧𝕖𝕣𝕪𝕠𝕟𝕖 𝕤𝕙𝕠𝕦𝕝𝕕 𝕖𝕟𝕕𝕖𝕒𝕧𝕠𝕣 𝕥𝕠 𝕝𝕖𝕒𝕧𝕖 𝕒 𝕣𝕖𝕧𝕚𝕖𝕨 𝕠𝕟𝕔𝕖 𝕥𝕙𝕖𝕪 𝕘𝕖𝕥 𝕤𝕒𝕥𝕚𝕤𝕗𝕚𝕖𝕕 𝕛𝕦𝕤𝕥 𝕥𝕙𝕖 𝕤𝕒𝕞𝕖 𝕨𝕒𝕪 𝕀 𝕡𝕣𝕠𝕞𝕚𝕤𝕖𝕕 𝕥𝕠 𝕕𝕠 𝕕𝕦𝕣𝕚𝕟𝕘 𝕞𝕪 𝕖𝕒𝕣𝕝𝕪 𝕕𝕒𝕪𝕤 𝕠𝕗 𝕙𝕚𝕣𝕚𝕟𝕘 𝕥𝕙𝕖𝕞. 𝕔𝕠𝕟𝕝𝕖𝕪𝕛𝕓𝕖𝕖𝕤𝕡𝕪𝟞𝟘𝟞@𝕘𝕞𝕒𝕚𝕝.𝕔𝕠𝕞 𝕕𝕚𝕕 𝕓𝕣𝕚𝕝𝕝𝕚𝕒𝕟𝕥, 𝔼𝕧𝕖𝕣𝕪𝕥𝕙𝕚𝕟𝕘 𝕨𝕒𝕤 𝕢𝕦𝕚𝕔𝕜, 𝕤𝕖𝕟𝕕 𝕕𝕞 𝕥𝕠 𝕥𝕖𝕒𝕞 𝕁𝔹𝔼𝔼 𝕊ℙ𝕐 𝕋𝔼𝔸𝕄 𝕠𝕟 𝕋𝕖𝕝𝕖𝕘𝕣𝕒𝕞 +𝟜𝟜 𝟟𝟜𝟝𝟞 𝟘𝟝𝟠𝟞𝟚𝟘
July 3, 2023
The best book on malware analysis, hands down. It does suffer from its age a bit, and unfortunately it's very dry reading, to the point that by the time I actually read through this book I had already learned the vast majority of the contents from my own research and work... but it's a solid book that everyone interested in this field should eventually make their way through, no matter what their journey to that destination looks like and how long it takes.
November 18, 2021
You will have to be comfortable with C and Assembly to some degree. If not, you should be willing to learn it.
PMA is the quintessential book for learning how to understand malware at the lowest level. It is often referred to as the "Malware Bible" by some circles for this reason.
If your goal is to understand, experiment with, or direct real malware; then this is the book for you!
PMA is the quintessential book for learning how to understand malware at the lowest level. It is often referred to as the "Malware Bible" by some circles for this reason.
If your goal is to understand, experiment with, or direct real malware; then this is the book for you!
December 27, 2022
Good book but some outdated techniques (such as programs used and the sandbox/VMs mentioned)..understandable given the date of publication. Working through the labs are valuable in becoming a practitioner.
August 15, 2025
The malware bible for a reason. One of the best books I read when it comes to malware analysis. Qhile some parts are outdated like the OS and labs, it's still a great introduction book to reverse engineering and malware analysis
August 19, 2017
amazing
August 25, 2018
Very, very good, the standard introductory text for people getting into malware analysis.
November 30, 2018
Excellent and example-driven.
August 2, 2019
RTFM. This is canon M.
December 21, 2019
Very solid.
June 12, 2020
very helpful ! spending some quality time reverse engineering
November 23, 2020
It is a must read for those who want to get into malware analysis. Some of the samples described in the book are very old, however the principles of reversing/analysis still apply.
October 2, 2022
The best into book on the market. Hands down got me reversing I'm no time.
June 10, 2023
A bit out of date especially some of the labs, but honestly very practical and a lot of the Windows stuff is still extremely relevant.
June 21, 2023
Experienced engineers will enjoy the book to its fullest. It's kinda outdated but there isn't something better.
Read
August 26, 2023Reference material for my application forensics module.
September 14, 2016
For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way.
Malware analysis is big business, and attacks can cost a company dearly. When malware breaches your defenses, you need to act quickly to cure current infections and prevent future ones from occurring.
For those who want to stay ahead of the latest malware, *Practical Malware Analysis* will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way.
You'll learn how to:
Set up a safe virtual environment to analyze malware Quickly extract network signatures and host-based indicators Use key analysis tools like IDA Pro, OllyDbg, and WinDbg Overcome malware tricks like obfuscation, anti-disassembly, anti-debugging, and anti-virtual machine techniques Use your newfound knowledge of Windows internals for malware analysis Develop a methodology for unpacking malware and get practical experience with five of the most popular packers Analyze special cases of malware with shellcode, C++, and 64-bit code Hands-on labs throughout the book challenge you to practice and synthesize your skills as you dissect real malware samples, and pages of detailed dissections offer an over-the-shoulder look at how the pros do it. You'll learn how to crack open malware to see how it really works, determine what damage it has done, thoroughly clean your network, and ensure that the malware never comes back.
Malware analysis is a cat-and-mouse game with rules that are constantly changing, so make sure you have the fundamentals. Whether you're tasked with securing one network or a thousand networks, or you're making a living as a malware analyst, you'll find what you need to succeed in *Practical Malware Analysis*.
January 1, 2017
Took Michael Sikorski's class on malware analysis. This book perfectly complements the course (surprise!). It lays out the material in a very logical and clear way, with a heavy emphasis on practice rather than theory. That's not to say it skimps on explanations of the inner workings of the malware, it just approaches everything from a very practical standpoint. (Again, big shocker, given the title.)
The book is sectioned in order of how one would actually go about performing malware analysis:
- Basic Static Analysis (using various tools on the malware to gather info about it without actually examining its internals or running it)
- Basic Dynamic Analysis (running the malware, using tools to gather info)
- Advanced Static (examining internals in a disassembler, i.e. using IDA Pro (a.k.a the Greatest Piece of Software On Earth))
- Advanced Dynamic (running the malware in a debugger, i.e. using OllyDbg (a.k.a. the Second Greatest Piece of Software On Earth))
- Malware Functionality (general overview of malware behavior, various types of injection, encryption/obfuscation, network signatures, etc)
- Anti-reversing (discussion of what the malware writer can do to prevent the malware from being analyzed, including anti-disassembly, anti-debugging, anti-VM, anti-All The Things, packing, etc)
- Special Topics (shellcode, c++, etc)
Great class, great book, learned a ton, got a crappy grade because I turned in all the assignments late. (Don't start the assignments the night before they're due. Big mistake.)
P.S. The only downside is that this book is only for Windows XP. Considering I'm a Mac person all the way, I wish there'd been some discussion of the malware written for Macs and how it differs from the Windows XP malware, but alas, it's still a fantastic intro to malware analysis in general. The theory is probably that once you know how to do it, you'll have the tools to extrapolate to other operating systems.
P.P.S. Sort of loving the cover, with the malware as the cute alien about to get skewered.
The book is sectioned in order of how one would actually go about performing malware analysis:
- Basic Static Analysis (using various tools on the malware to gather info about it without actually examining its internals or running it)
- Basic Dynamic Analysis (running the malware, using tools to gather info)
- Advanced Static (examining internals in a disassembler, i.e. using IDA Pro (a.k.a the Greatest Piece of Software On Earth))
- Advanced Dynamic (running the malware in a debugger, i.e. using OllyDbg (a.k.a. the Second Greatest Piece of Software On Earth))
- Malware Functionality (general overview of malware behavior, various types of injection, encryption/obfuscation, network signatures, etc)
- Anti-reversing (discussion of what the malware writer can do to prevent the malware from being analyzed, including anti-disassembly, anti-debugging, anti-VM, anti-All The Things, packing, etc)
- Special Topics (shellcode, c++, etc)
Great class, great book, learned a ton, got a crappy grade because I turned in all the assignments late. (Don't start the assignments the night before they're due. Big mistake.)
P.S. The only downside is that this book is only for Windows XP. Considering I'm a Mac person all the way, I wish there'd been some discussion of the malware written for Macs and how it differs from the Windows XP malware, but alas, it's still a fantastic intro to malware analysis in general. The theory is probably that once you know how to do it, you'll have the tools to extrapolate to other operating systems.
P.P.S. Sort of loving the cover, with the malware as the cute alien about to get skewered.
June 24, 2016
I used this book for a malware analysis class and I really enjoyed it. The content is presented in a clear manner and is kept interesting throughout. It even managed to teach me the basics of assembly language.
The "secret sauce" of this book, however, is the lab projects. You can download from their website files that you then analyze following the guidance in lab section present in most chapters. At the end of the book there are quick answers as well as a longer and more detailed explanation for how to get to the answers. This hands-on learning method was my favorite part of the book.
Note: in order to do the labs you need a virtual machine and should have an image of an older version of Windows (such as XP or Server 2008).
The "secret sauce" of this book, however, is the lab projects. You can download from their website files that you then analyze following the guidance in lab section present in most chapters. At the end of the book there are quick answers as well as a longer and more detailed explanation for how to get to the answers. This hands-on learning method was my favorite part of the book.
Note: in order to do the labs you need a virtual machine and should have an image of an older version of Windows (such as XP or Server 2008).
November 22, 2014
Actually, this book does not only teach you how to stick with malware, but also a lot of reverse engineering stuffs and tricks, required in any RCE projects. Very clear explanation, after reading the book and finishing all the exams, it was quite easy to dissect real malware with a broad complexity, for example FinFisher.
January 9, 2015
Best book on malware analysis currently out there.
October 17, 2012
One of the best all in one books about malware and reverse engineering in that section!
October 13, 2014
A must read. You defiantly want to read this book if you want to enter the reverse engineering world.
March 3, 2014
Best book explains the malware in clear and excellent manner
October 8, 2016
Fanstatic. Every lab is worth doing.
Read
August 15, 2023This book was extremely informative. I'm yearning to read more books relating to Malware Analysis.
Displaying 1 - 30 of 31 reviews