Sometimes we need to analyze executables for which Cuckoo Sandbox and other sandboxes can't give us the information we want, or don't work at all. The following tools help with that manual analysis:
- CFF Explorer - a freeware suite of tools including a PE editor (CFF Explorer itself) and a process viewer.
- Process Explorer - shows you which handles and DLLs each process has opened or loaded.
- Process Hacker - process viewer with powerful process termination and memory searching/editing capabilities.
- LordPE - can edit and view many parts of PE (Portable Executable) files, dump them from memory, and more.
- PeStudio - performs static investigation of any Windows executable binary.
- Process Monitor - an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity.
- TcpView - a Windows program that shows detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and the state of TCP connections.
- Wireshark - a very powerful network analyzer.
- Peframe - a tool for performing static analysis on (portable executable) malware.
- RegShot - a small command-line tool for creating and comparing two registry snapshot files, exporting the registry, merging .REG files and much more.
I will update this list with all the useful tools I come across.