I am doing a PhD on the subject so it's only right I post something up related to it. Whether you're a security researcher fishing for binaries or a system administrator who suspects an executable on a box might be a little bit fishy... this post is aimed at both of you.
Malware analysis can be painful, to say the least. In many cases you still need to do manual inspection (at least to identify a sample when no AV has a signature for it yet), but what does save time and a lot of pain is automated analysis. There are sandboxes out on the net that will let you upload your fishy binary and have it run on their machines, reporting both what it did on the host and what network activity it generated. This is helpful in the remediation stage: from the report you can firewall the contacted ports and block the relevant IPs straight away, while you deal with removing the registry keys and rootkit components it dropped. Some services will even cross-reference the sample against multiple AV engines and tell you what each one flags it as. One caveat: anything you upload is shared with the service (and usually with AV vendors), so don't submit a binary that embeds confidential data.
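To show how a sandbox report feeds remediation, here is an added example (not from the original post, and not the output format of any particular service). It assumes a constructed JSON report whose key names are made up for illustration; real sandboxes each have their own schema. It hashes the sample (the identifier you submit and cross-reference), summarises AV detections, pulls the external endpoints the sample contacted into firewall rules, and lists the registry keys it wrote. Internal ranges are excluded explicitly rather than via `ipaddress.is_private`, because that flag also covers the RFC 5737 documentation addresses used in the sample data and, in general, you want to decide for yourself which ranges count as "inside".

```python
import hashlib
import ipaddress
import json

# Constructed sample report in a hypothetical JSON layout (not a real service's schema).
# The IPs are RFC 5737 documentation addresses.
SAMPLE_REPORT = json.dumps({
    "av_detections": {"VendorA": "Trojan.Generic", "VendorB": None, "VendorC": "Backdoor.Agent"},
    "network": [
        {"dst": "203.0.113.10", "port": 443, "proto": "tcp"},
        {"dst": "203.0.113.10", "port": 443, "proto": "tcp"},   # duplicate connection
        {"dst": "198.51.100.7", "port": 8080, "proto": "tcp"},
        {"dst": "192.168.1.1", "port": 53, "proto": "udp"},     # local resolver: must not be blocked
        {"dst": "127.0.0.1", "port": 4444, "proto": "tcp"},     # loopback: not a firewall target
    ],
    "registry": [
        {"op": "set", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "value": "updater"},
        {"op": "query", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", "value": "ProductName"},
    ],
})

# Ranges treated as "inside"; extend with your own corporate ranges before use.
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16",
)]


def sha256_of_bytes(data: bytes) -> str:
    """Hash of the suspect file: what you submit and what AV cross-references key on."""
    return hashlib.sha256(data).hexdigest()


def detection_summary(report: dict) -> tuple:
    """(engines that flagged it, engines consulted, {engine: label}) from the report."""
    hits = {vendor: label for vendor, label in report["av_detections"].items() if label}
    return len(hits), len(report["av_detections"]), hits


def external_endpoints(report: dict) -> list:
    """Deduplicated (ip, port, proto) tuples outside INTERNAL_NETWORKS."""
    seen, out = set(), []
    for conn in report["network"]:
        ip = ipaddress.ip_address(conn["dst"])
        if any(ip in net for net in INTERNAL_NETWORKS):
            continue
        key = (str(ip), conn["port"], conn["proto"])
        if key not in seen:
            seen.add(key)
            out.append(key)
    return out


def iptables_rules(endpoints: list) -> list:
    """Egress DROP rules for each contacted C2 endpoint (review before applying)."""
    return [f"iptables -A OUTPUT -p {proto} -d {ip} --dport {port} -j DROP"
            for ip, port, proto in endpoints]


def persistence_keys(report: dict) -> list:
    """Registry keys the sample wrote; reads are noise for cleanup purposes."""
    return [(r["key"], r["value"]) for r in report["registry"] if r["op"] in ("set", "create")]


if __name__ == "__main__":
    report = json.loads(SAMPLE_REPORT)
    print("sample hash:", sha256_of_bytes(b"constructed sample bytes"))
    flagged, total, labels = detection_summary(report)
    print(f"flagged by {flagged}/{total} engines: {labels}")
    for rule in iptables_rules(external_endpoints(report)):
        print(rule)
    for key, value in persistence_keys(report):
        print("remove:", key, value)
```

The firewall rules are printed rather than applied: a sandbox can misattribute connections (sinkholed domains, CDNs shared with legitimate traffic), so a person should check the list before it goes into production.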
Here are some FREE (!!!) automated malware analysis services on the net:
That should keep you going for now.