Peacock Scholarship

Reverse Engineering for Malware Analysis: A Comparison of Ghidra and IDA Pro as Tools for Analyzing 32-bit and 64-bit Programs

Abstract
In this study, the researcher used the disassembly tools Ghidra and IDA Pro to analyze basic 32-bit and 64-bit test programs in order to understand the essential functionality and usage of each tool. The researcher then examined 32-bit test malware samples, which were also compiled as 64-bit compatible malware files, to see the full scope of what malware analysis looks like with these two programs. The main differences between the programs lay in basic graphical user interface interaction and in how easy their functions were to understand. For example, Ghidra let the researcher view the file's strings and its imported and exported functions, and it provided an initial automated analysis of the file. IDA Pro, while providing similar information, requires a deeper understanding of malware analysis that may be unfamiliar to beginners and may prove inefficient during active investigations. Given these differences in functionality and ease of use, Ghidra is predicted to be the better tool for those new to malware analysis or for those who need to investigate multiple files or programs in quick succession. IDA Pro contains all the necessary and pertinent functionality, but may lack the efficiency needed in the current cyber risk and detection climate.
Last modified
05/29/2025