Course Description

Dive into our comprehensive Malware Analysis course, designed to elevate enthusiasts from beginners to experts in tackling digital threats. This journey unravels the essential techniques and tools for identifying, analyzing, and neutralizing malware. With a combination of theoretical insights and practical exercises, including more than 45 hands-on labs, learners will master static and dynamic analysis, dissect complex malware with leading tools like IDA Pro and Ghidra, and delve into the specifics of handling readable/uncompiled code.

Additionally, students will become proficient in extracting Indicators of Compromise (IOCs) and crafting precise YARA rules to detect and mitigate threats effectively. Culminating in a certification exam, this course offers a pathway to not only gain a thorough understanding of malware's inner workings but also to achieve recognition for your expertise in the field. Whether you're looking to start a career in cybersecurity, enhance your current skills, or secure your digital environment, this course provides the knowledge and hands-on experience needed to face malware threats head-on.

Training Delivery Details

On Demand: Material | Certification of Completion | Exam Certification (Release Date: Q2)

The course material includes over 45 Hands-on Labs

Many new labs and videos are being added

Pricing Options

Kindly choose the enrollment pricing option that suits you best. Please note that the fees include the Course Material and Two Exam attempts (coming soon). If you're enrolling as a group or need a custom plan, please contact us. We're here to help!

  • C5W Certified Malware Analyst (CCMA)

    No virtual lab access


    Buy Now
  • C5W Certified Malware Analyst (CCMA)

    Includes 40 hours of virtual lab access


    Buy Now


  • Introduction to Malware Analysis

    This foundational module is designed to provide students with a comprehensive understanding of malware, its various types, distribution methods, and the critical role of malware analysis in the cybersecurity ecosystem. This module sets the groundwork for aspiring malware analysts by covering the essentials of malware identification, analysis techniques, and the broader implications of malware in cyber threats.

  • Static Malware Analysis 101

    This module serves as the gateway to understanding the fundamentals of analyzing malware without executing the code. This module aims to equip participants with the skills to examine and analyze binary files, uncover malware signatures, and effectively use basic analysis tools. Through theoretical learning and practical exercises, students will gain insights into the inner workings of malware, identify its components, and learn how to use various tools to dissect malware statically.

  • Dynamic Malware Analysis 101

    This modlie introduces the foundational principles and practices involved in observing and analyzing malware behavior during execution. This modlie is designed to equip participants with the knowledge and skills necessary to safely execute malware in controlled environments, enabling them to observe its interactions with system resources, network traffic, and other processes in real-time. Through a combination of theoretical instruction and hands-on labs, students will learn to use various monitoring and analysis tools to gather data on malware behavior and understand its impact.

  • Static Malware Analysis 102 - IDA Pro

    This modlie takes a comprehensive look at static malware analysis using IDA Pro, the industry-standard tool for disassembling and debugging malware. IDA Pro enables analysts to dissect binary code into a readable format, providing invaluable insights into the inner workings of malicious software without executing it. This modlie is designed to equip participants with the skills to navigate IDA Pro's complex functionalities, enhancing their ability to uncover and understand malware functionality.

  • Static Malware Analysis 102 - Ghidra

    This module is dedicated to leveraging Ghidra, the open-source software reverse engineering (SRE) framework developed by the National Security Agency (NSA), for the purpose of conducting in-depth static analysis of malware. This module offers a comprehensive exploration into the functionalities and capabilities of Ghidra, guiding participants through the process of disassembling, analyzing, and understanding the code structure of malware without executing it.

  • Dynamic Malware Analysis 102

    Explores advanced techniques of analyzing and understanding malware behavior through the use of debuggers and unpacking methods. This segment builds upon the foundational knowledge acquired in Dynamic Malware Analysis 101, taking students deeper into the intricacies of malware operation and evasion techniques. Participants will learn how to effectively use debuggers to step through malware execution, identify and alter malware behavior in real-time, and apply unpacking techniques to reveal hidden code obscured by malware authors

  • Analyzing Managed Code (readable/uncompiled)

    This is a specialized module designed to equip participants with the methodologies and tools required for analyzing managed code malware. Managed code, such as that written in .NET, Python, or Java, operates within a managed execution environment that handles memory allocation, security, and other runtime services. This module delves into techniques for dissecting and understanding the behavior of malware written in these high-level languages, without the need for compiling the code.

  • Extracting IOCs and writing YARA Rules

    This is a crucial module that provides an in-depth understanding of Indicators of Compromise (IOCs), which are pieces of information used to detect malware, phishing attempts, and other malicious activities. Additionally, the module covers the creation of YARA rules, a vital tool for the cybersecurity community to classify and identify malware samples.

  • More than 10 Extra Hands-on Labs

    This is an expansive module crafted to solidify and expand the practical knowledge gained throughout the malware analysis course. This module focuses on applying and integrating the analysis techniques and tools discussed in previous lessons through a series of engaging, real-world inspired labs. A significant highlight of these labs is the exploration of various threat actor methods, including different process injection techniques employed by malware to evade detection and escalate privileges within infected systems.

  • Certification Exam (Coming Soon)

    Upon completion of the course, a certification exam will be available to validate your expertise in malware analysis. (Details on the certification process will be provided later.)

Course Material

  • Slide Notes & Lab Documents

    Training material including the course slides, lab documents, and references for further reading.

  • Malware Samples

    A copy of all the malware samples used during the training. Many of the samples have been custom built for the training, while others are real-world malware samples.

  • Certificates

    At the end of the course, you will receive a Certificate of Completion that proves you have completed the course.

    However, to obtain our C5W Certified Malware Analyst (CCMA) certification you will be required to take an exam.

Learning Objectives

After completing this course, the student will be able to perform the following:

  • Define and recognize various types of malware

  • Analyze and interpret the behavior of malware specimens in controlled environments

  • Identify common evasion techniques employed by malware

  • Identify key indicators of compromise through static analysis

  • Gain proficiency in executing malware in a controlled environment for behavioral analysis

  • Apply theoretical knowledge through hands-on exercises using real-world malware samples

  • Learn to create and utilize signatures for the detection of known malware patterns

  • Develop strategies for proactive malware detection

  • Learn mitigation strategies to contain and eradicate malware infections

  • Develop practical skills in using malware analysis tools and platforms


This course assumes no previous knowledge in malware analysis. However, basic knowledge in computer science, programming, or any related field is highly desirable.

The Value of the Training

After completing this course, students will be able to demonstrate how to analyze malware, extract IOCs, and write a report about their analysis.

Who is this Training For?

Anyone who is willing to start a career in this field and needs the skills to do malware analysis, and also those who are curious about learning how to analyze malware.

System Requirements:

what you need to for the course

1. Workstation or laptop with a Modern Operating System (e.g. Windows, Linux, macOS, etc)
2. Capability of running virtualization software (e.g. VMWare, VirtualBox, etc)
3. More than 50 GB of disk space for the VMs used