Malware Analysis and Reverse Engineering

Kroll’s Malware Analysis and Reverse Engineering team draws from decades of private and public-sector experience, across all industries, to deliver actionable findings through in-depth technical analysis of benign and malicious code.

Contact us
/en/services/cyber-risk/incident-response-litigation-support/malware-analysis /-/media/kroll/images/services/malware-analysis/malware-analysis-desktop-banner.jpg service

Our experts translate complex analytical findings into targeted deliverables for executive, legal, and technical stakeholders to provide insight into the nature and scope of any code-related event.


Malware Analysis and Reverse Engineering

Malware Triage and Analysis

Through a tailored application of static and dynamic analysis, Kroll’s cyber experts examine files to enumerate malicious functionality and develop comprehensive tear-down reports. Whether it's standalone analysis or as part of a broader investigation, our team rapidly assesses the underlying nature of a sample to understand the risk to data, systems, and networks.

  • Identify notable attributes such as malware family, Command and Control IP addresses or domains, host and network forensic artifacts, persistence mechanisms, and other indicators of compromise.
  • Apply industry-best techniques ranging from automated sandbox detonation and observation to low-level reverse engineering, disassembly, and decompilation.
  • Provide actionable recommendations to inform investigative next steps.

Source Code Security Review 

Our expertise in exploit development and malware reverse engineering offers a highly trained eye to analyze and test software in fully controlled environments and identify vulnerabilities or flaws that expose software to real-world risk.

  • Identify potential vulnerabilities in codebases to mitigate malicious exploitation
  • Perform static code examination and review
  • Dynamically test code functionality using industry-best methodologies
  • Apply automated fuzz-testing framework

Proactive Tooling Development

To keep up with the near-daily evolution of modern malware, our team supports proactive penetration testing by applying real-world attack methodologies in controlled settings to ensure your security posture is ready for the technical attacks of today and tomorrow.

  • Develop or repurpose malicious toolkits and utilities for heightened proactive testing
  • Customize existing capabilities to avoid detection
  • Support penetration testing exercises with real-world, cutting-edge attack methodologies

Reverse Engineering and Expert Code Review

The complexity of modern software lies at the heart of many intellectual property and trade secrets disputes. In support of expert witness and litigation matters, our team applies reverse engineering principles to determine how code operates and to understand critical factors behind its development.

  • Collect and review open-source information to include pertinent publicly available reporting, documentation, and projects
  • Perform in-depth code analysis in support of legal assessments and arguments
  • Produce detailed deliverables including declarations and supporting technical documentation for Legal and Technical audiences
  • Provide deposition and expert witness testimony as required

Investigative Value
  • Rapid triage to inform investigative next steps
  • Large-scale code teardowns in support of detailed reporting and legal requirements
  • Collaborative partner in identifying the impact of code in a wide variety of scenarios
  • Services tailored to the needs of the customer and objectives of the exercise

Technical Foundation

Highly knowledgeable in every major platform, including:

  • Windows, Linux, MacOS, iOS, Android, RTOS
  • Microsoft 365, Google Workspace, AWS, Azure
  • x86, x64, ARM, C, Java, Python, Go
  • Develop atomic and behavioral indicators fed directly into Kroll's detection and response service platforms
  • Incorporate up-to-date malware trends and active campaign intelligence across Kroll's global teams

Talk to a Kroll Expert

Kroll is ready to help, 24/7. Use the links on this page to explore our services further or speak to a Kroll expert today via our 24x7 cyber incident hotlines or our contact page.

Related Team

Connect with us

Marc Brawner
Marc Brawner
Managing Director and Global Head of Managed Services
Cyber Risk
Scott Hanson
Scott Hanson
Associate Managing Director & Head of Global Security Operations
Cyber Risk
Cole Manaster
Cole Manaster
Senior Vice President
Cyber Risk

See all servicesStay Ahead with Kroll


Valuation of businesses, assets and alternative investments for financial reporting, tax and other purposes.

Compliance and Regulation

End-to-end governance, advisory and monitorship solutions to detect, mitigate and remediate security, legal, compliance and regulatory risk.

Corporate Finance and Restructuring

Comprehensive investment banking, corporate finance, restructuring and insolvency services to investors, asset managers, companies and lenders.

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Environmental, Social and Governance

Advisory and technology solutions, including policies and procedures, screening and due diligence, disclosures and reporting and investigations, value creation, and monitoring.

Investigations and Disputes

World-wide expert services and tech-enabled advisory through all stages of diligence, forensic investigation, litigation and testimony.

Business Services

Expert provider of complex administrative solutions for capital events globally. Our services include claims and noticing administration, debt restructuring and liability management services, agency and trustee services and more.


New MFA Bypass Phishing Method Uses WebView2 Applications with Hidden Keylogger

Jul 28, 2022

by Scott Hanson Mikesh Nagar, George Glass


CVE-2021-43702 from Discovery to Patch: ASUS Modem/Router Device Takeover Vulnerability

Jun 21, 2022

by Luke Walker


Bumblebee Loader Linked to Conti and Used In Quantum Locker Attacks

Jun 06, 2022

by George Glass


ModPipe POS Malware: New Hooking Targets Extract Card Data

Jun 02, 2022

by Sean Straw


Webcast Replay – Q1 2022 – Threat Landscape Virtual Briefing: Threat Actors Target Email for Access and Extortion

May 18, 2022


The Kroll Intrusion Lifecycle: Threat Actor Behavior from a Visual Perspective

May 11, 2022

by Devon Ackerman


Kroll Partners with Armis to Extend Preparedness and Response for OT and ICS Environments

May 09, 2022


Kroll Named a Cyber Security Services Pacesetter by ALM Intelligence

Oct 28, 2020


Kroll Recognized Among Top Managed Security Service Providers Worldwide by MSSP Alert

Sep 29, 2020


Kroll Named in the GIR 100

Oct 23, 2020


KAPE Intensive Training and Certification

Online Event Apr 12 - Dec 08, 2022 | Online Event