static analysis on malware still risks triggering something if you open it wrong. are you doing full emulation or just string/header extraction to stay safe