Malware_Analysis_Tools.md

File metadata and controls

222 lines (197 loc) · 2.6 KB

FlareVM Malware Analysis Tools

Android

  • dex2jar
  • apktool

Debuggers

  • flare-qdb
  • scdbg
  • OllyDbg + OllyDump + OllyDumpEx
  • OllyDbg2 + OllyDumpEx
  • x64dbg
  • WinDbg + OllyDumpEx + pykd

Decompilers

  • RetDec

Delphi

  • Interactive Delphi Reconstructor (IDR)

Developer Tools

  • VC Build Tools
  • NASM

Disassemblers

  • Ghidra
  • IDA Free (5.0 & 7.0)
  • Binary Ninja Demo
  • radare2
  • Cutter

.NET

  • de4dot
  • Dot Net String Decoder (DNSD)
  • dnSpy
  • DotPeek
  • ILSpy
  • RunDotNetDll

AutoIt

  • AutoItExtractor
  • UnAutoIt
  • Exe2Aut

Flash

  • FFDec

Forensic

  • Volatility
  • Autopsy

Hex Editors

  • FileInsight
  • HxD
  • 010 Editor

Java

  • JD-GUI
  • Bytecode-Viewer
  • Java-Deobfuscator

JavaScript

  • malware-jail

Networking

  • FakeNet-NG
  • ncat
  • nmap
  • Wireshark

Office

  • Offvis
  • OfficeMalScanner
  • oledump.py
  • rtfdump.py
  • msoffcrypto-crack.py

PDF

  • PDFiD
  • PDFParser
  • PDFStreamDumper

PE

  • PEiD
  • ExplorerSuite (CFF Explorer)
  • PEview
  • DIE
  • PeStudio
  • PEBear
  • ResourceHacker
  • LordPE
  • PPEE (puppy)

Pentest

  • Windows binaries from Kali Linux

PowerShell

  • PSDecode

Text Editors

  • SublimeText3
  • Notepad++
  • Vim

Visual Basic

  • VBDecompiler

Web Application

  • BurpSuite Free Edition
  • HTTrack

Utilities

  • FLOSS
  • HashCalc
  • HashMyFiles
  • Checksum
  • 7-Zip
  • Far Manager
  • PuTTY
  • Wget
  • RawCap
  • UPX
  • RegShot
  • Process Hacker
  • Sysinternals Suite
  • API Monitor
  • SpyStudio
  • Shellcode Launcher
  • Cygwin
  • UnxUtils
  • Malcode Analyst Pack (MAP)
  • XORSearch
  • XORStrings
  • YARA
  • CyberChef
  • KernelModeDriverLoader
  • Process Dump
  • Innounp
  • InnoExtract
  • UniExtract2
  • Hollows-Hunter
  • PE-sieve
  • ImpRec
  • ProcDot

Python, Modules, Tools

  • Py2ExeDecompiler
  • pyinstxtractor
  • Python 2.7
    • hexdump
    • pefile
    • winappdbg
    • pycryptodome
    • vivisect
    • binwalk
    • capstone-windows
    • unicorn
    • oletools
    • olefile
    • unpy2exe
    • uncompyle6
    • pycrypto
    • pyftpdlib
    • pyasn1
    • pyOpenSSL
    • ldapdomaindump
    • pyreadline
    • flask
    • networkx
    • requests
    • msoffcrypto-tool
    • yara-python
    • mkyara
  • Python 3.7
    • binwalk
    • unpy2exe
    • uncompyle6
    • StringSifter
    • hexdump
    • pycryptodome
    • oletools
    • olefile
    • msoffcrypto-tool
    • pyftpdlib
    • pyasn1
    • pyOpenSSL
    • acefile
    • requests
    • yara-python
    • mkyara

Other

  • VC Redistributable Modules (2005, 2008, 2010, 2012, 2013, 2015, 2017)
  • .NET Framework version 4.8
  • Practical Malware Analysis Labs
  • Google Chrome
  • Cmder