Friday, April 25, 2008
Malware Analysis Tools and Techniques
Beyond the guidelines already published in various books and articles, this post summarizes the manual and automated techniques for running collected malware samples in a controlled environment and recording their behaviour. Note that "malware" here covers trojans, viruses and worms alike.
No single tool covers the whole job; the tools below are used in combination to support in-depth analysis of a sample.
HTTP Proxy Debuggers (Paros, WebScarab)
iDefense SysAnalyzer, HookExplorer and MAP (Malcode Analyst Pack)
PEiD (important for identifying the packer, compiler or cryptor used on a sample before attempting static analysis)
GNU GDB (Linux debugger)
IDA Pro (disassembly and reversing)
Salamander Decompiler (.NET Applications)
DaFixer's DeDe (Delphi)
HeavenTools PE Explorer
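The first question PEiD answers is whether a sample is packed, because a packed binary cannot be disassembled meaningfully until it is unpacked. The script below is an added example, not part of the original post and not PEiD's own method (PEiD matches byte signatures at the entry point against a signature database): it parses the PE section table directly and applies two coarse heuristics a practitioner can reproduce without any tool, namely packer-specific section names and high section entropy, plus a check for executable sections with no raw data, which is where a packer's stub unpacks code at run time. The two PE images it analyses are constructed in memory for the example (a plain binary and a UPX-style layout); the section-name list and the 7.0 entropy threshold are assumptions for illustration.

```python
import math
import struct

# Section names commonly left behind by packers. Constructed list for this
# example; a real identifier (PEiD etc.) matches entry-point byte signatures.
PACKER_SECTION_NAMES = {
    b"UPX0", b"UPX1", b"UPX2", b".aspack", b".adata", b".petite",
    b".MPRESS1", b".MPRESS2", b".themida", b".vmp0", b".vmp1",
}

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
CODE = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ


def shannon_entropy(data):
    """Bits per byte: 8.0 is uniform; compressed/encrypted code sits near 7+."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe):
    """Walk DOS header -> PE signature -> COFF header -> section table.
    Returns a list of (name, raw_size, raw_data, characteristics)."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsec):
        # IMAGE_SECTION_HEADER is 40 bytes
        name, _, _, raw_size, raw_ptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", pe, table + 40 * i)
        sections.append((name.rstrip(b"\0"), raw_size,
                         pe[raw_ptr:raw_ptr + raw_size], chars))
    return sections


def packer_indicators(pe, entropy_threshold=7.0):
    """Return human-readable reasons a sample looks packed; [] means none found."""
    reasons = []
    for name, raw_size, data, chars in parse_sections(pe):
        if name in PACKER_SECTION_NAMES:
            reasons.append("section name %r is a known packer artifact" % name)
        ent = shannon_entropy(data)
        if raw_size and ent >= entropy_threshold:
            reasons.append("section %r entropy %.2f >= %.1f" % (name, ent, entropy_threshold))
        # Executable section with no bytes on disk: filled by the unpacking stub at run time.
        if raw_size == 0 and chars & IMAGE_SCN_MEM_EXECUTE:
            reasons.append("executable section %r has zero raw size" % name)
    return reasons


def build_pe(sections):
    """Construct a minimal PE32 image (DOS stub, PE signature, COFF header,
    zeroed optional header, section table, raw data). Example-only builder;
    the result is not loadable, just enough for header parsing."""
    opt_size = 224                      # PE32 optional header size
    e_lfanew = 0x40
    table_off = e_lfanew + 4 + 20 + opt_size
    data_off = (table_off + 40 * len(sections) + 0x1FF) & ~0x1FF  # 0x200 file alignment
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    table, blobs, raw_ptr = b"", b"", data_off
    for i, (name, data, chars) in enumerate(sections):
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data) or 0x1000,
                             0x1000 * (i + 1), len(data), raw_ptr if data else 0,
                             0, 0, 0, 0, chars)
        blobs += data
        raw_ptr += len(data)
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt_size) + table
    return image + bytes(data_off - len(image)) + blobs


# Constructed samples: a plain binary with a low-entropy .text section, and a
# UPX-style layout (empty UPX0 destination, uniformly distributed UPX1 payload).
PLAIN_PE = build_pe([(b".text", b"\x55\x8b\xec\x90" * 256, CODE)])
PACKED_PE = build_pe([
    (b"UPX0", b"", CODE | IMAGE_SCN_MEM_WRITE),
    (b"UPX1", bytes(range(256)) * 8, CODE | IMAGE_SCN_MEM_WRITE),
])

if __name__ == "__main__":
    for label, pe in (("plain", PLAIN_PE), ("packed", PACKED_PE)):
        print(label, packer_indicators(pe) or ["no packer indicators"])
```

Point `parse_sections` at the bytes of a real sample and the same three checks apply; a section named .text with entropy above 7 is just as suspicious as a UPX0 label, which is why the name check and the entropy check are kept independent.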
Automated Online Tools
These online submission services run the sample automatically in a restricted, instrumented environment (a sandbox), record its activity, and report the results together with detections from multiple anti-virus engines. Two caveats apply: a submitted sample is shared with the service and usually with anti-virus vendors, so targeted or confidential samples should not be uploaded; and malware that detects a sandbox may behave differently there than on a victim machine.