Malware Analysis — Tools And Resources

Photo by Todd Quackenbush on Unsplash

Analyzing malware could be daunting task; fortunately, many tools and resources are at our disposal that could help us make this task a little bit easier.

Network Tools

• Wireshark
• Microsoft Network Monitor
• Netcat
• BurpSuite
• Fiddler
• DNS Query Sniffer
• FakeNet-NG
• INetSim

PE Analysis Tools

• PE-bear
• pev the PE file analysis toolkit
• PeStudio
• PEiD
• Resource Hacker
• CFF Explorer
• Exeinfo PE
• Dependency Walker

Dynamic / Behavioral Analysis Tools

• Process Explorer
• Process Monitor
• Process Hacker
• CaptureBAT
• Sysmon
• API Monitor
• CMD Watcher
• Autoruns
• Regshot
• Flypaper (Password : “rich”)
• Microsoft ASA (Attack Surface Analyzer)

Debugging Tools

• X64dbg
• Immunity Debugger
• WinDbg

Reverse Engineering Tools

• IDA Pro
• Ghidra
• dotPeek
• Scylla
• PdbXtract

Analyzing Suspicious Files / Sandboxing

• Virus Total
• Hybrid Analysis
• Cuckoo
• Any.run
• Intezer
• Joe Sandbox

VB Analysis Tools

• ViperMonkey
• decode-vbe.py
• oledump.py

Strings Analysis Tools

• FLOSS
• Sysinternals Strings
• Fireeye stringsifter

Malware Analysis VM

• REMnux
• OALabs Malware Analysis VM
• FLARE VM
• Kali Linux

Other

• Didier Stevens Suite
• Fireeye Market
• ProcDOT
• Malzilla
• Kahu Security Tools
• HashMyFiles
• CyberChef
• HxD

Resources / Getting Started

• Colin Hardy
• OALabs
• Malware Unicorne Workshops
• MalwareAnalysisForHedgehogs
• How to start RE/malware analysis? — hasherezade
• Malwology
• Haruko
• MalwareTech
• Malware Breakdown
• Malware-Traffic-Analysis
• Journey Into Incident Response
• Analyzing Malicious Documents Cheat Sheet

Malware Samples

• MalShare
• Malware Traffic Analysis
• Virusign
• theZoo
• VX Vault
• CyberCrime

I’ll be updating this list constantly so please look forward to it.

Thanks for reading. Please feel free to send me any suggestions or comments on twitter @nas_bench