Wednesday, September 14, 2005

Malware Analysis Tools

Most anti-virus developers have their own techniques and skills for getting rid of malware. Analysing a captured sample is essential before deciding whether it is harmful or not, and anti-virus and security companies that employ malware analysts have their own useful tools for tracing malware-like behaviour. Here are some basic tools for Reverse Code Engineering. Click on each list entry for details:

PE Editor/Memory Dump:
LordPE Deluxe
OllyDump

Explorer Suite (combines all the tools we need).

Packer/ID Detector:
TrID
PEiD
ExeInfo PE
Protection ID
AT4RE FastScanner
DiE (Detect it Easy)
RDG Packer Detector
Jim Clausing's Malware Packer Signatures
Neil's Collection of Packer Signatures
packerid.py (Python)

Sometimes one packer detector is not enough: no single detector recognises every packer, so run more than one before concluding a sample is unpacked.

Disassembly/Debugger Tools:
OllyDebugger, OllyScript
Interactive Disassembler (IDA)

Resource Viewer:
PE Explorer
ResHacker

Process Monitor:
Sysinternals Process Explorer

File & Folder Watcher:
SpyMe Tools

Registry Snapshot:
RegShot

Network Tools:
Wireshark
Nmap
Snort

Honeypot:
HiHAT (Website)

Sandbox:
Sandboxie

Other Miscellaneous tools:
VMware
Microsoft Virtual PC

Online tools:
VirusTotal
ThreatExpert
