jueves, 26 de diciembre de 2013

[Tool] Few very useful tools for dynamic malware analysis


Some time we need to analysis some executables, and Cuckoo sandbox and other sandboxes can't get information what we want / don't work.

So here a few very useful tools for dynamic malware analysis:

  • CFF Explorer - a freeware suite of tools including a PE editor called CFF Explorer and a process viewer
  • Process Explorer - shows you information about which handles and DLLs processes have opened or loaded. 
  • Process Hacker  - process viewer with powerful process termination and memory searching/editing capabilities.
  • LordPE - is able to edit/view many parts of PE (Portable Executable) files, dump them from memory, ...
  • PeSturdio - performing the static investigation of any Windows executable binary.
  • Process Monitor - is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity.
  • TcpView - is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections.
  • Wireshark - very powerful network analyzer
  • Peframe -  is a tool to perform static analysis on (portable executable) malware
  • RegShot - It is a small command line tool for creating and comparing two registry files, export the registry, merge .REG files and much more.


I will update this list, with all useful tools what I see.

Best regards

No hay comentarios:

Publicar un comentario en la entrada