: Generate a SHA-256 or MD5 hash of the ZIP file and its contents.
Static analysis involves examining the file without actually running it.
: Extract the ZIP (carefully) to see the actual files inside. Common malicious payloads include .exe , .vbs , .js , .lnk , or heavily obfuscated .iso / .img files designed to trick users.
: Search for these hashes on VirusTotal to see if other security vendors have already flagged it as malicious.