🛠️Tools
This is a list of many common tools
This list has tools used for Static Analysis, Dynamic analysis, and more. These tools will all be used to help with the process of malware analysis. This includes tools that are downloaded in FlareVm, and some that I have found are great tools. Most of the tools will have an in-depth guide listed.
Tools found Preinstalled in Flare VM
Android
dex2jar
apktool
Debuggers
flare-qdb
scdbg
OllyDbg + OllyDump + OllyDumpEx
OllyDbg2 + OllyDumpEx
x64dbg
WinDbg + OllyDumpex + pykd
Decompilers
RetDec
Delphi
Interactive Delphi Reconstructor (IDR)
Developer Tools
VC Build Tools
NASM
Disassemblers
Ghidra
IDA Free (5.0 & 7.0)
Binary Ninja Demo
radare2
Cutter
.NET
de4dot
Dot Net String Decoder (DNSD)
dnSpy
DotPeek
ILSpy
RunDotNetDll
AutoIt
AutoItExtractor
UnAutoIt
Exe2Aut
Flash
FFDec
Forensic
Volatility
Autopsy
Hex Editors
FileInsight
HxD
010 Editor
Java
JD-GUI
Bytecode-Viewer
Java-Deobfuscator
JavaScript
malware-jail
Networking
FakeNet-NG
ncat
nmap
Wireshark
Office
Offvis
OfficeMalScanner
oledump.py
rtfdump.py
msoffcrypto-crack.py
PDF
PDFiD
PDFParser
PDFStreamDumper
PE
PEiD
ExplorerSuite (CFF Explorer)
PEview
DIE
PeStudio
PEBear
ResourceHacker
LordPE
PPEE(puppy)
Pentest
Windows binaries from Kali Linux
Powershell
PSDecode
Text Editors
SublimeText3
Notepad++
Vim
Visual Basic
VBDecompiler
Web Application
BurpSuite Free Edition
HTTrack
Utilities
FLOSS
HashCalc
HashMyFiles
Checksum
7-Zip
Far Manager
Putty
Wget
RawCap
UPX
RegShot
Process Hacker
Sysinternals Suite
API Monitor
SpyStudio
Shellcode Launcher
Cygwin
Unxutils
Malcode Analyst Pack (MAP)
XORSearch
XORStrings
Yara
CyberChef
KernelModeDriverLoader
Process Dump
Innounp
InnoExtract
UniExtract2
Hollows-Hunter
PE-sieve
ImpRec
ProcDot
Python, Modules, Tools
Py2ExeDecompiler
pyinstxtractor
Python 2.7
hexdump
pefile
winappdbg
pycryptodome
vivisect
binwalk
capstone-windows
unicorn
oletools
olefile
unpy2exe
uncompyle6
pycrypto
pyftpdlib
pyasn1
pyOpenSSL
ldapdomaindump
pyreadline
flask
networkx
requests
msoffcrypto-tool
yara-python
mkyara
Python 3.7
binwalk
unpy2exe
uncompyle6
StringSifter
hexdump
pycryptodome
oletools
olefile
msoffcrypto-tool
pyftpdlib
pyasn1
pyOpenSSL
acefile
requests
yara-python
mkyara
Other
VC Redistributable Modules (2005, 2008, 2010, 2012, 2013, 2015, 2017)
.NET Framework versions 4.8
Practical Malware Analysis Labs
Google Chrome
Cmder
Other Tools I have found
Some of the tools listed below are also in flare.
Static Analysis
pestudio - Perform static analysis of Windows executables.
CFF Explorer - is a suite of tools for portable executable (PE) checking import directory , export directory and section headers for finding packer [packer use for change pe table schema this UPX]
Dynamic Analysis
Process Hacker - Tool that monitors system resources.
Process Monitor - Advanced monitoring tool for Windows programs.
RegShot - Registry compare utility that compares snapshots.
ProcDot - A graphical malware analysis tool kit.
Memory Forensics
memory acquisition
Comae-Toolkit _ use DumpIt.exe for sump whole memory
memory analysis
Volatility - Advanced memory forensics framework.
Online Scanners and Sandboxes
Cuckoo Sandbox - Open source, self hosted sandbox and automated analysis system.
VirusTotal - Free online analysis of malware samples and URLs
Noriben - Uses Sysinternals Procmon to collect information about malware in a sandboxed environment.
intezer analyzer - Create MITRE ATT&CK Technique Detection table
Network
Wireshark - The network traffic analysis tool.
Android
MobSF – Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Last updated