Most of anti virus developer has their own technique and skill to get rid of mal-ware content. Making analysis for the captured mal-ware is very important before deciding whether it is harmful or not. Anti virus or security company with Malware Analyst job has their own & useful tools to trace malware like behaviour. Well, here it is some basic tools for Reverse Code Engineering. Click on each list for detail:
PE Editor/Memory Dump:
LordPE Deluxe
OllyDump
Explorer Suite (Combine with all the tools we need).
Packer/ID Detector:
TrID
PEiD
ExeInfo PE
Protection ID
AT4RE FastScanner
DiE (Detect it Easy)
RDG Packer Detector
Jim Clausing's Malware Packer Signatures
Neil's Collection of Packer Signatures
packerid.py (Python)
Sometime, one packed detector is not enough. Not all detector can detect all packer.
Disassembly/Debugger Tools:
OllyDebugger, OllyScript
Interactive Disassembler (IDA)
Resource Viewer:
PE Explorer
ResHacker
Process Monitor:
Sysinternals Process Explorer
File & Folder Watcher:
SpyMe Tools
Registry Snapshot:
RegShot
Network Tools:
WireShark
NMap
Snort
Honeypot:
HiHAT (Website)
Sandbox:
Sandboxie
Other Miscellanous tools:
Sandboxie
VMWare
Microsoft Virtual PC
Online tools:
VirusTotal
ThreatExpert
No comments:
Post a Comment