Friday, April 25, 2008

Malware Analysis Tools and Techniques


Apart from the guidelines already published in various books and articles, this post summarizes the manual and automated techniques for running collected malware samples and observing their behavioral activity. Note that "malware" can be delivered in the form of a trojan, a virus or a worm.

Manual Toolset
These tools are used in conjunction with one another to support in-depth analysis of a malware sample.

Foundstone BINTEXT
Malzilla (Analyzing Web-Based Malware - JavaScript/iFrame)
HTTP Proxy Debuggers (Paros, WebScarab)
Nepenthes
iDefense SysAnalyzer, HookExplorer and MAP (Malcode Analyst Pack)
RegShot
SysInternals Tools
PEiD Tool (Very important to detect packers/compilers/cryptors)
UPX
FireBug
OllyDbg
WinDbg
GNU GDB (Linux)
OllyDump
OllyScript
SoftICE (Reversing)
IDA Pro (Reversing)
Salamander Decompiler (.NET Applications)
Reflector.Net Tool
DaFixer's DeDe (Delphi)
Backerstreet.com REC
HeavenTools PE Explorer
HijackThis
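To show what the first static-triage step with BINTEXT (string extraction) and PEiD/UPX (packer detection) actually looks at, here is an added example in Python. It is not code from the original post or from any of the tools listed; it reimplements the idea in a simplified form: it parses the PE section table, flags sections whose names match a small hard-coded set of well-known packer section names (an assumption standing in for PEiD's real signature database), measures per-section Shannon entropy (packed or encrypted data approaches 8 bits per byte), and pulls out ASCII and UTF-16LE strings that look like URLs or Windows paths. The sample PE image is constructed in memory and is not executable; the URL and path inside it are placeholders.

```python
"""Simplified static triage (added example, not the original post's code):
PE section parsing, packer heuristics and string extraction."""
from __future__ import annotations

import hashlib
import math
import re
import struct

# Assumption: a tiny illustrative table, not PEiD's signature database.
PACKER_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".aspack", b".adata", b".petite"}


def extract_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Return ASCII and UTF-16LE strings of at least min_len characters,
    roughly what BINTEXT lists in its results pane."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16le") for m in wide_re.finditer(data)]
    return found


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte; compressed or encrypted data approaches 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe_sections(data: bytes) -> list[dict]:
    """Parse the section table of a PE32 image: name, raw size, raw offset, entropy."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    off = coff + 20 + opt_size
    sections = []
    for _ in range(nsec):
        name, _vsize, _va, raw_size, ptr, *_ = struct.unpack_from("<8sIIIIIIHHI", data, off)
        raw = data[ptr:ptr + raw_size] if raw_size else b""
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "raw_size": raw_size, "raw_offset": ptr,
                         "entropy": shannon_entropy(raw)})
        off += 40
    return sections


def triage(data: bytes) -> dict:
    """Combine the packer heuristics with string extraction into one report."""
    sections = parse_pe_sections(data)
    packer_names = [s["name"] for s in sections if s["name"].encode() in PACKER_SECTION_NAMES]
    high_entropy = [s["name"] for s in sections if s["raw_size"] >= 512 and s["entropy"] > 7.0]
    strings = extract_strings(data)
    indicators = [s for s in strings if re.match(r"https?://|[A-Za-z]:\\", s)]
    return {"sections": sections, "likely_packed": bool(packer_names or high_entropy),
            "packer_sections": packer_names, "high_entropy_sections": high_entropy,
            "string_count": len(strings), "indicators": indicators}


def _pseudo_packed_bytes(n: int) -> bytes:
    """Deterministic high-entropy filler (chained SHA-256) standing in for packed code."""
    out, seed = b"", b"constructed-sample"
    while len(out) < n:
        seed = hashlib.sha256(seed).digest()
        out += seed
    return out[:n]


def build_sample_pe() -> bytes:
    """Constructed, non-executable PE32 layout: UPX-style section pair plus a
    plain-text resource section. The URL and path are placeholders."""
    sections = [
        (b"UPX0", b""),                                   # empty, as UPX leaves it
        (b"UPX1", _pseudo_packed_bytes(4096)),            # 'packed' payload
        (b".rsrc", b"\0" * 16 + b"http://example.invalid/update.php" + b"\0" * 2
                   + "C:\\Temp\\svc.exe".encode("utf-16le") + b"\0" * 2),
    ]
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew: PE header follows DOS header
    opt_size = 0xE0                                       # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    headers_len = 64 + 4 + 20 + opt_size + 40 * len(sections)
    raw_off = (headers_len + 0x1FF) & ~0x1FF              # file alignment 0x200
    table, body, va = b"", b"", 0x1000
    for name, raw in sections:
        raw_size = (len(raw) + 0x1FF) & ~0x1FF
        ptr = raw_off + len(body) if raw else 0
        table += struct.pack("<8sIIIIIIHHI", name, max(len(raw), 0x1000), va,
                             raw_size, ptr, 0, 0, 0, 0, 0x60000020)
        body += raw.ljust(raw_size, b"\0")
        va += 0x1000
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    return image.ljust(raw_off, b"\0") + body


if __name__ == "__main__":
    report = triage(build_sample_pe())
    for s in report["sections"]:
        print(f"{s['name']:<8} raw={s['raw_size']:#07x} entropy={s['entropy']:.2f}")
    print("likely packed:", report["likely_packed"], report["packer_sections"],
          report["high_entropy_sections"])
    print("indicators:", report["indicators"])
```

The point of running this before any debugger is the same as running PEiD before OllyDbg: a packed section (telltale name, near-8.0 entropy, almost no readable strings) tells you that BINTEXT output will be meaningless until the sample is unpacked, for example with UPX -d or by dumping it with OllyDump, and that the interesting strings will only appear at run time or in the unpacked image.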

Automated Online Tools
These online submission services automatically run the sample in a restricted (sandboxed) environment, record its activity, and report the results alongside detections from various anti-virus/anti-malware engines.

CWSandbox.org
ThreatExpert.com
VirusScan.jotti.org
Norman.com/microsites/nsic/
Malwareinfo.org
VirusTotal.com
VirScan.org