Tools you can get started into Malware Analysis with

[Deleted member 21043]

Hi everyone,

In this thread I will leave some links to some tools you may be interested in when introducing yourself to Malware Analysis.

Please note: some of these tools aren't tools for beginners, and take a lot of work to become skilled in using. You may end up in headaches and long journeys of errors and mistakes. But you will get through it, and before you know it you will be a expert. It takes time.

Without further adue, here we go:

Disassembler:
- IDA Pro
- IDA Free (if you cannot get the Pro)

Networking:
- TCPView
- Wireshark
- Fiddler

Registry monitoring:
- Regshot

Other:
Malcode Analysts Pack
PE Explorer
FileAlyzer
PEID
LordPE
WinDbg
OllyDmpEx

Spoiler: Explanation to why the list is so small

If anyone has other tools they'd like to share, feel free too in the comments. I only did a small amount of tools listed here, so people who like this subforum in the community can help to fill in the gaps! (of course if the gaps aren't filled then I'll have to do it and then my plan to get people involved with the threads would fail a bit ) (Who knows, maybe it will be such a success that people will comment and categorize the tools under "Other" (if not I'll do it )).

Look at this thread: http://malwaretips.com/threads/places-to-find-malware.1812/ to see what I am trying to do with this thread...

Cheers.

 

[LabZero]

For disassembler and debugger i suggest also OllyDbg : http://www.ollydbg.de/

 

[Oxygen]

Already knew about most of these tools that you have listed, but this should be really helpful to other people that might not.

 

[Deleted member 21043]

Already knew about most of these tools that you have listed, but this should be really helpful to other people that might not.

The list isn't as big as it could have been because I was wanting for people to get involved and start posting more tools like the thread example in the spoiler.

 

[nsm0220]

btw one of the tools is outdated thats Malcode Analysts Pack

 

[Deleted member 21043]

btw one of the tools is outdated thats Malcode Analysts Pack

This may be true, however the tools are still useful and can still be used.

 

[LabZero]

Memory analysis is extremely important in incident response, malware analysis and reverse engineering to examine memory of the infected system to extract artifacts relevant to the malicious program.
Can you add a memoy analysis tool?
OllyDumpEx plugin for ex.

 

[Deleted member 21043]

Memory analysis is extremely important in incident response, malware analysis and reverse engineering to examine memory of the infected system to extract artifacts relevant to the malicious program.
Can you add a memoy analysis tool?
OllyDumpEx plugin for ex.

I was waiting to see how long until someone mentioned. I was tempted to just add it. in.

Yes, I can add a memory analysis tool to the thread.

EDIT: I'll go through the list and add a bunch more stuff later today.

 

[LabZero]

I'm very interested in this topic

 

[david8]

Could you please with this error in Ida free when I try to disassemble any PE i got this: http://prntscr.com/6pjemm
Thanks for help

 

[Deleted member 21043]

Could you please with this error in Ida free when I try to disassemble any PE i got this: http://prntscr.com/6pjemm
Thanks for help

EDITED
*I am going to PM you.

Cheers.

 

[david8]

Hi,

Can you try running IDA with Administrative Priveleges and let me know if the error still persists?

Let me know if this did/did not fix your issue and I can see what I can do.
Cheers.

No, that wasn't working

 

[Deleted member 21043]

No, that wasn't working

I'll send you a PM.