Category:Digital-Forensics/Computer-Forensics/Dynamic-Analysis/Sandboxes
Description
This article explains the environment you can build to perform malware analysis.
Environment
- Virtualization: VMware Workstation (VirtualBox is also an option)
- OS: Microsoft Windows 7 64bit
Tools
| Tool | Static Analysis | Dynamic Analysis | Description |
|---|---|---|---|
| 7zip | ⚫ | ⚫ | Uncompress utility |
| apateDNS | | ⚫ | Intercept DNS requests/responses |
| API Monitor | | ⚫ | Monitor and control API calls made by applications and services |
| autoruns | | ⚫ | Show programs configured to autostart during boot |
| binText | ⚫ | | Find ASCII, Unicode and resource strings in a file |
| CFF Explorer | ⚫ | | Advanced PE editor |
| CHimpREC | ⚫ | ⚫ | Import rebuilder that can be used to dump a packed executable from memory |
| exe2aut | ⚫ | | AutoIt3 decompiler |
| Fiddler | | ⚫ | Web debugging proxy (can intercept SSL connections) |
| hiew | ⚫ | ⚫ | Hex editor and assembler/disassembler |
| IDA Pro | ⚫ | ⚫ | Disassembler (also debugger) |
| ILSpy | ⚫ | | .NET assembly browser and decompiler |
| LordPE | ⚫ | | Edit/view many parts of PE files, dump them from memory, optimize, validate, analyze and edit them |
| malzilla | ⚫ | | Malware hunting tool that uses the SpiderMonkey engine to analyze scripts |
| OfficeMalScanner | ⚫ | ⚫ | MS Office forensic framework to scan for malicious traces such as shellcode heuristics, PE files or embedded OLE streams |
| OffVis | ⚫ | | Helps in understanding the Microsoft Office binary file format in order to deconstruct .doc-, .xls- and .ppt-based targeted attacks |
| OllyDbg | | ⚫ | Debugger |
| PEiD | ⚫ | | PE info / packer identifier |
| ProcDOT | | ⚫ | Malware activity visualization tool |
| Process Hacker | | ⚫ | Process/resources monitoring tool |
| Process Monitor | | ⚫ | Advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity |
| Regshot | | ⚫ | Registry/file system compare utility (diff between 2 snapshots) |
| Resource Hacker | ⚫ | | View, modify, rename, add, delete and extract resources in 32-bit and 64-bit Windows executables and resource files (*.res) |
| strings.exe | ⚫ | | Display strings |
| Sysinternals Suite | ⚫ | ⚫ | Set of system tools for Windows developed by Microsoft Sysinternals |
| unarj.exe | ⚫ | ⚫ | Uncompress utility |
| upx.exe | ⚫ | ⚫ | Executable packer/unpacker (`upx -d` unpacks a UPX-packed file) |
| wget.exe | ⚫ | ⚫ | Command-line download utility |
| WinDbg | | ⚫ | 32-bit/64-bit user- and kernel-mode debugger |
| Wireshark | | ⚫ | Create and read network capture files (pcap[ng]) |
| XPELister | ⚫ | | PE viewer and editor that also has a RepairPE module |
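The Regshot entry above describes the core of the dynamic-analysis loop in a sandbox: take a snapshot of the clean guest, detonate the sample, take a second snapshot, and diff the two. The following is an added example written for this page, not Regshot's own code: it implements the file-system half of that comparison in Python (the registry half is left out so it runs on any OS), over a constructed temporary directory standing in for the guest file system. The "sample behaviour" in `demo()` is simulated with ordinary file operations, and the file and host names are made up.

```python
"""Two-snapshot file-system diff in the spirit of Regshot (added example, not Regshot's code)."""
import hashlib
import os
import tempfile
from typing import Dict, List, Tuple

# relative path -> (size in bytes, SHA-256 hex digest)
Snapshot = Dict[str, Tuple[int, str]]


def snapshot(root: str) -> Snapshot:
    """Walk `root` and record size + SHA-256 of every regular file.

    Hashing (not just mtime/size) catches in-place modifications that keep
    the size identical, e.g. a patched byte in a config or a hosts file.
    """
    snap: Snapshot = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if not os.path.isfile(full):      # skip symlinks, devices, sockets
                continue
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            snap[os.path.relpath(full, root)] = (os.path.getsize(full), h.hexdigest())
    return snap


def diff(before: Snapshot, after: Snapshot) -> Dict[str, List[str]]:
    """Compare two snapshots: files added, removed, or modified in between."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: baseline snapshot, simulated detonation, second snapshot, diff."""
    with tempfile.TemporaryDirectory() as root:
        sys32 = os.path.join(root, "Windows", "System32")
        os.makedirs(sys32)
        with open(os.path.join(root, "hosts"), "w") as f:
            f.write("127.0.0.1 localhost\n")
        with open(os.path.join(sys32, "cfg.ini"), "w") as f:
            f.write("[settings]\n")
        before = snapshot(root)                      # snapshot 1: clean guest

        # Simulated sample behaviour (constructed, not a real sample):
        # drop a file, append to hosts, delete a config file.
        with open(os.path.join(sys32, "dropped.bin"), "wb") as f:
            f.write(b"MZ" + b"\0" * 62)
        with open(os.path.join(root, "hosts"), "a") as f:
            f.write("0.0.0.0 update.example.test\n")
        os.remove(os.path.join(sys32, "cfg.ini"))

        after = snapshot(root)                       # snapshot 2: after detonation
        return diff(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Running this prints one added file (the dropper), one removed file (the deleted config) and one modified file (`hosts`). On a real guest the same two calls would be pointed at the system drive, and a registry snapshot (e.g. via `winreg` on Windows) would be diffed the same way; the hash comparison is what makes size-preserving tampering visible, which a pure directory listing would miss.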
Pages in category "Digital-Forensics/Computer-Forensics/Dynamic-Analysis/Sandboxes"
The following 2 pages are in this category, out of 2 total.