
Analysis of hostile code. How to deal with a packer, and how to figure out the language it is written in?

I received a tailored email with an infected attachment from a public email. I would like to know more about the payload. What is the right way to study this? I would like to use a debugger. An easier but riskier option is to run it in a Windows guest on a Linux host, on a sacrificial box without a wifi card, and compare disk images before and after infection. If I go the debugger way, how should I unpack the code?
How can I tell what language the malware was written in?
Can any code be debugged by changing defensive conditional jumps (like the "if debugger present" jump), or are there other pitfalls?
How likely is it for malware to jailbreak VMware and infect the Linux host?


Solution

  • This is a time-consuming project. You should familiarize yourself with several tools:
    • You will need to identify the packer. PEiD is a good start.
    • Unpacking tools (GUNPacker).
    • Debuggers (OllyDbg or WinDbg).
    • Code analysis tool (LordPE).
    • Disassembler.
    • Binary analysis tools (PE Explorer).

    At least get confident using these tools on your own code. Otherwise, it might be better to contact professionals.
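Section entropy is a quick, signature-free way to triage whether a sample is packed before reaching for PEiD's signature database. The following is an added example, not code from the answer above or from any of the tools it names: it walks the PE section table with the standard library only and flags any non-empty section whose bytes look near-random. The 7.0 bits-per-byte threshold and the synthetic PE-shaped image used as input are assumptions.

```python
from collections import Counter
import hashlib
import math
import struct

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 8.0 for uniformly random bytes, 0.0 for a constant run."""
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())

def pe_section_entropy(pe: bytes) -> list:
    """Walk the PE section table; return (name, raw_size, entropy) for each section."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]        # file offset of the PE signature
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                     # 20-byte COFF file header
    _, num_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size                            # section headers follow the optional header
    result = []
    for i in range(num_sections):
        off = table + 40 * i                                # each section header is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, off + 16)   # SizeOfRawData, PointerToRawData
        result.append((name, raw_size, shannon_entropy(pe[raw_ptr:raw_ptr + raw_size])))
    return result

def triage(pe: bytes, threshold: float = 7.0) -> dict:
    """Flag a sample as likely packed if any non-empty section is near-random (entropy >= threshold)."""
    secs = pe_section_entropy(pe)
    return {"sections": secs, "likely_packed": any(e >= threshold for _, n, e in secs if n)}

def build_sample_pe(sections) -> bytes:
    """Constructed test data: a minimal PE-shaped image (no optional header, not runnable code)."""
    e_lfanew = 0x40
    ptr = e_lfanew + 4 + 20 + 40 * len(sections)           # first section's raw data follows the headers
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    hdrs, blobs = b"", b""
    for name, blob in sections:
        hdrs += name.ljust(8, b"\0") + struct.pack("<4I16x", len(blob), 0x1000, len(blob), ptr)
        blobs, ptr = blobs + blob, ptr + len(blob)
    return dos + b"PE\0\0" + coff + hdrs + blobs

# Constructed sample: a code-like low-entropy section beside a pseudo-random (compressed-looking) one.
RANDOM_LIKE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
SAMPLE = build_sample_pe([(b".text", bytes(range(16)) * 256), (b".pack0", RANDOM_LIKE)])

if __name__ == "__main__":
    print(triage(SAMPLE))
```

High entropy only says the bytes are compressed or encrypted, so a flagged section still needs a signature check and a look at the import table before deciding which unpacker to try.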