InfoSec Philippines

Information Security, Technology News and Opinions


Some Malware Analysis Tools

Posted by Jaime Raphael Licauco, CISSP, GSEC on February 6, 2011

I recently went through a great, albeit difficult, malware analysis course. It was very informative and it stretched my ability to understand and follow. The usual DISCLAIMER applies: use the tools at your own risk and on your own malware.

Here are some of the free tools we used (there are many more free tools available):

We first installed VirtualBox.

Then we used the following for Surface Analysis:
Hash Analysis – HashTab (free for personal or private use)
File Type Analysis – TrID
String Analysis – BinText and Sysinternals’ Strings.exe
Binary Editor – HxD
Pack Analysis – CFF Explorer
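The surface analysis steps above (hash, file type, strings, pack analysis) as one added Python example; this is not code from the post or the course, and it runs on a constructed sample byte string rather than a real malware file. The file type check follows the MZ header's e_lfanew pointer to the PE signature, and byte entropy stands in for a packer check.

```python
import hashlib
import math
import re

# Constructed sample "file" (not real malware): an MZ header whose e_lfanew
# points at a PE signature, two embedded strings, and 1 KiB of uniformly
# distributed bytes standing in for a packed section.
SAMPLE = (
    b"MZ" + b"\x90" * 58            # DOS header padding up to offset 0x3C
    + (0x40).to_bytes(4, "little")  # e_lfanew -> PE header at offset 0x40
    + b"PE\x00\x00"
    + b"CreateRemoteThread\x00"
    + b"http://example.invalid/c2\x00"
    + bytes(range(256)) * 4
)

def hashes(data):
    """Hash analysis: the digests you would compare against a known-bad list."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}

def file_type(data):
    """File type analysis by magic bytes, following the MZ -> e_lfanew -> PE chain."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        off = int.from_bytes(data[0x3C:0x40], "little")
        if data[off:off + 4] == b"PE\x00\x00":
            return "PE executable"
        return "DOS MZ executable"
    return "unknown"

def strings(data, min_len=5):
    """String analysis: runs of printable ASCII at least min_len bytes long."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def entropy(data):
    """Shannon entropy in bits per byte: 0.0 if every byte is identical, 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def looks_packed(data, threshold=7.0):
    """Pack analysis heuristic: packed or encrypted payloads push entropy close to 8."""
    return entropy(data) >= threshold

def surface_triage(data):
    return {"hashes": hashes(data), "type": file_type(data), "strings": strings(data),
            "entropy": round(entropy(data), 2), "packed": looks_packed(data)}
```

The entropy threshold is a rough heuristic; compressed resources inside a clean binary can score high too, so treat it as a prompt for closer inspection with CFF Explorer rather than a verdict.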

Runtime Analysis:
Sysinternals’ Process Explorer
regshot
WinPcap
Wireshark
Sysinternals’ Process Monitor
TCPView
Fundelete (an old Sysinternals tool)
Autoruns
ADSSpy

Static Analysis:
IDA Pro Free
MSDN Library
OllyDbg Version 1
Immunity Debugger
Python 2.5

Some Malware Analysis Links:

Practical Malware Analysis PDF by Kris Kendall from Black Hat 2007
PenTestIT’s Atool (I’ve never used this but you may want to check it out)
Malware Analysis Tools – from the SANS diary of 2006
Malware Analysis for Fun and Profit PDF
Malware Analysis Presentation from Hong Kong’s Professional Information Security Association

