What is static executable file analysis?


Multiple Choice

What is static executable file analysis?

Explanation:
Static executable file analysis is examining an executable without running it. You treat the file as data and inspect its structure and contents: the DOS/PE (or ELF/Mach-O) headers, the section table, imports and exports, embedded strings, resources, and metadata such as compiler and linker versions, timestamps and whether a digital signature is present. From these you infer what the program might do, what toolchain produced it, and whether it is packed or obfuscated; high-entropy sections, a missing or very small import table, and an entry point outside the code section are common tells. Because nothing is executed, the payload is never triggered, which makes static inspection the safe and fast first step before any dynamic work. You still handle the sample on an isolated analysis host, since file parsers and viewers can themselves be attacked by a crafted file. Static techniques extend to disassembly and decompilation, which recover the instructions the program would run without running them, and to collecting indicators such as cryptographic hashes, import hashes and compiler signatures that can be matched against threat intelligence. Two caveats a practitioner should keep in mind: the presence of a signature block only shows the file was signed, not that the signature is valid or trustworthy until the certificate chain is verified; and a packed or obfuscated binary hides its real code from static inspection, so static findings are hypotheses to confirm by unpacking or by dynamic analysis.

That is why the option that describes collecting information without launching the file at all best matches static analysis. The other options describe executing the program, whether in a sandbox, a virtual machine or on a live host, which is dynamic analysis rather than static analysis. Static analysis needs no execution environment and can be done in any suitable setting.

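The inspection described above, as an added Python example that is not part of the original page or of the CHFI material: it reads the headers of a PE file with only the standard library, hashes the file, computes per-section entropy, checks section permissions, the import and Authenticode data directories and the location of the entry point, and extracts printable strings, all without executing anything. The sample PE returned by `build_sample_pe` is constructed in memory for this example and is not a real compiled program; the entropy threshold (7.0 bits per byte) and the wording of the indicators are this example's choices, not values defined by CHFI.

```python
import hashlib
import math
import re
import struct
from collections import Counter

SCN_MEM_EXECUTE, SCN_MEM_WRITE = 0x20000000, 0x80000000   # section characteristic bits (PE/COFF spec)
DLL_DYNAMIC_BASE, DLL_NX_COMPAT = 0x0040, 0x0100          # DllCharacteristics bits: ASLR, DEP/NX
DIR_IMPORT, DIR_SECURITY = 1, 4                            # data directory slots: imports, Authenticode


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: plain code sits well below 7, compressed or encrypted data near 8."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def printable_strings(buf: bytes, min_len: int = 8) -> list:
    """Runs of printable ASCII, the classic 'strings' view of a binary."""
    return [m.group().decode("ascii") for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, buf)]


def parse_pe(data: bytes) -> dict:
    """Read the PE headers as data; nothing here executes the file."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, = struct.unpack_from("<H", data, opt)
    pe32plus = magic == 0x20B
    entry, = struct.unpack_from("<I", data, opt + 16)          # AddressOfEntryPoint (RVA)
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)
    # Data directories start at offset 96 (PE32) or 112 (PE32+); their count is the dword before them.
    dir_base = opt + (112 if pe32plus else 96)
    ndirs, = struct.unpack_from("<I", data, dir_base - 4)
    dirs = [struct.unpack_from("<II", data, dir_base + 8 * i) for i in range(ndirs)]
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        raw = data[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vaddr": vaddr, "vsize": vsize, "rawsize": rawsize,
            "entropy": round(shannon_entropy(raw), 2),
            "writable_executable": bool(chars & SCN_MEM_WRITE) and bool(chars & SCN_MEM_EXECUTE),
        })
    return {
        "sha256": hashlib.sha256(data).hexdigest(),   # the indicator you share and look up
        "machine": hex(machine), "pe32plus": pe32plus, "timestamp": timestamp,
        "entry_point": entry, "subsystem": subsystem,
        "aslr": bool(dll_chars & DLL_DYNAMIC_BASE), "nx": bool(dll_chars & DLL_NX_COMPAT),
        "has_imports": len(dirs) > DIR_IMPORT and dirs[DIR_IMPORT] != (0, 0),
        # A non-empty security directory means a signature blob exists; validity is a separate check.
        "signed": len(dirs) > DIR_SECURITY and dirs[DIR_SECURITY] != (0, 0),
        "sections": sections,
        "strings": printable_strings(data),
    }


def indicators(report: dict) -> list:
    """Static tells that justify unpacking, disassembly or a sandbox run (thresholds are this example's)."""
    out = []
    if not report["signed"]:
        out.append("no Authenticode signature directory")
    if not report["has_imports"]:
        out.append("no import table (packer stub or runtime API resolution)")
    for s in report["sections"]:
        if s["entropy"] > 7.0:
            out.append(f"section {s['name']}: entropy {s['entropy']} (likely packed or encrypted)")
        if s["writable_executable"]:
            out.append(f"section {s['name']} is both writable and executable")
        in_section = s["vaddr"] <= report["entry_point"] < s["vaddr"] + max(s["vsize"], s["rawsize"])
        if in_section and s["name"] != ".text":
            out.append(f"entry point 0x{report['entry_point']:x} is in {s['name']}, not .text")
    return out


def build_sample_pe() -> bytes:
    """Constructed 32-bit PE image for this example (not a real compiled program)."""
    text = (b"\x90" * 400 + b"http://example.invalid/beacon\0GetProcAddress\0").ljust(0x200, b"\0")
    packed = b"".join(hashlib.sha256(b"constructed%d" % i).digest() for i in range(32))  # 1 KiB, high entropy
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)    # i386, 2 sections, executable image
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII",
                      0x10B, 14, 0, 0x200, 0x400, 0, 0x2000, 0x1000, 0x2000, 0x400000, 0x1000, 0x200,
                      6, 0, 0, 0, 6, 0, 0, 0x3000, 0x200, 0, 2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\0" * 128   # 16 empty data directories: no imports, no Authenticode blob
    sec = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    sec += struct.pack("<8sIIIIIIHHI", b".packed", 0x400, 0x2000, 0x400, 0x400, 0, 0, 0, 0, 0xE0000040)
    headers = (dos + b"PE\0\0" + coff + opt + sec).ljust(0x200, b"\0")
    return headers + text + packed
```

Run `indicators(parse_pe(open(path, "rb").read()))` against a real sample on an isolated host; for the constructed image it reports the missing signature and import table, the high-entropy writable and executable `.packed` section, and an entry point that lands in that section rather than in `.text`, which is exactly the profile of a packed binary that static analysis can flag but cannot unpack on its own.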
