In vulnerability assessment and reverse engineering, Static malware analysis mainly refers to:

Correct Answer: C

static malware analysis inspects malware without running it, using strings, headers, imports, or disassembly

The correct answer is static malware analysis inspects malware without running it, using strings, headers, imports, or disassembly. This matches the course topic 'Static malware analysis' in Vulnerability Assessment & Reverse Engineering.