πŸ› οΈTools

This is a list of many common tools.

This list has tools used for static analysis, dynamic analysis, and more. All of these tools help with the process of malware analysis. It includes tools that come preinstalled in FLARE VM, plus some others I have found to be great tools. Most of the tools will have an in-depth guide listed.


Tools Preinstalled in FLARE VM

Android

  • dex2jar

  • apktool

Debuggers

  • flare-qdb

  • scdbg

  • OllyDbg + OllyDump + OllyDumpEx

  • OllyDbg2 + OllyDumpEx

  • x64dbg

  • WinDbg + OllyDumpEx + pykd

Decompilers

  • RetDec

Delphi

  • Interactive Delphi Reconstructor (IDR)

Developer Tools

  • VC Build Tools

  • NASM

Disassemblers

  • Ghidra

  • IDA Free (5.0 & 7.0)

  • Binary Ninja Demo

  • radare2

  • Cutter

.NET

  • de4dot

  • Dot Net String Decoder (DNSD)

  • dnSpy

  • DotPeek

  • ILSpy

  • RunDotNetDll

AutoIt

  • AutoItExtractor

  • UnAutoIt

  • Exe2Aut

Flash

  • FFDec

Forensic

  • Volatility

  • Autopsy

Hex Editors

  • FileInsight

  • HxD

  • 010 Editor

Java

  • JD-GUI

  • Bytecode-Viewer

  • Java-Deobfuscator

JavaScript

  • malware-jail

Networking

  • FakeNet-NG

  • ncat

  • nmap

  • Wireshark

Office

  • Offvis

  • OfficeMalScanner

  • oledump.py

  • rtfdump.py

  • msoffcrypto-crack.py

PDF

  • PDFiD

  • PDFParser

  • PDFStreamDumper

PE

  • PEiD

  • ExplorerSuite (CFF Explorer)

  • PEview

  • DIE

  • PeStudio

  • PEBear

  • ResourceHacker

  • LordPE

  • PPEE(puppy)

Pentest

  • Windows binaries from Kali Linux

PowerShell

  • PSDecode

Text Editors

  • SublimeText3

  • Notepad++

  • Vim

Visual Basic

  • VBDecompiler

Web Application

  • BurpSuite Free Edition

  • HTTrack

Utilities

  • FLOSS

  • HashCalc

  • HashMyFiles

  • Checksum

  • 7-Zip

  • Far Manager

  • PuTTY

  • Wget

  • RawCap

  • UPX

  • RegShot

  • Process Hacker

  • Sysinternals Suite

  • API Monitor

  • SpyStudio

  • Shellcode Launcher

  • Cygwin

  • Unxutils

  • Malcode Analyst Pack (MAP)

  • XORSearch

  • XORStrings

  • Yara

  • CyberChef

  • KernelModeDriverLoader

  • Process Dump

  • Innounp

  • InnoExtract

  • UniExtract2

  • Hollows-Hunter

  • PE-sieve

  • ImpRec

  • ProcDot

Python, Modules, Tools

  • Py2ExeDecompiler

  • pyinstxtractor

  • Python 2.7

    • hexdump

    • pefile

    • winappdbg

    • pycryptodome

    • vivisect

    • binwalk

    • capstone-windows

    • unicorn

    • oletools

    • olefile

    • unpy2exe

    • uncompyle6

    • pycrypto

    • pyftpdlib

    • pyasn1

    • pyOpenSSL

    • ldapdomaindump

    • pyreadline

    • flask

    • networkx

    • requests

    • msoffcrypto-tool

    • yara-python

    • mkyara

  • Python 3.7

    • binwalk

    • unpy2exe

    • uncompyle6

    • StringSifter

    • hexdump

    • pycryptodome

    • oletools

    • olefile

    • msoffcrypto-tool

    • pyftpdlib

    • pyasn1

    • pyOpenSSL

    • acefile

    • requests

    • yara-python

    • mkyara

Other

  • VC Redistributable Modules (2005, 2008, 2010, 2012, 2013, 2015, 2017)

  • .NET Framework version 4.8

  • Practical Malware Analysis Labs

  • Google Chrome

  • Cmder


Other Tools I have found

Some of the tools listed below are also included in FLARE VM.

  • Static Analysis

    • pestudio - Perform static analysis of Windows executables.

    • CFF Explorer - A suite of tools for inspecting portable executable (PE) files: the import directory, export directory and section headers. Useful for spotting packers, since packers such as UPX change the PE section layout.

  • Dynamic Analysis

    • Process Hacker - Tool that monitors system resources.

    • Process Monitor - Advanced monitoring tool for Windows programs.

    • RegShot - Registry compare utility that compares snapshots.

    • ProcDot - A graphical malware analysis toolkit.

  • Code Analysis

    • Disassembler

    • Decompiler

    • Debuggers

      • x64dbg - An open-source x64/x32 debugger for Windows.

      • WinDbg - Multipurpose debugger for the Microsoft Windows operating system.

  • Memory Forensics

    • Memory Acquisition

    • Memory Analysis

  • Online Scanners and Sandboxes

    • Cuckoo Sandbox - Open source, self-hosted sandbox and automated analysis system.

    • VirusTotal - Free online analysis of malware samples and URLs.

    • Noriben - Uses Sysinternals Procmon to collect information about malware in a sandboxed environment.

    • Intezer Analyze - Creates a MITRE ATT&CK technique detection table.

  • Network

    • Wireshark - The network traffic analysis tool.

  • Android

    • MobSF - Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

  • Service Emulation

    • INetSim - Network service emulation, useful when building a malware lab.

    • FakeNet - Windows network simulation tool for malware analysis.