The process of reversing a malicious binary or code, or observing a malware’s behaviour during running. Since running malware is like playing with fire, malware analysis is usually done in sandbox environments. (You can see a definition of sandboxes in this glossary).