Malware Analysis Tools and Cheat list

May 31, 2017 (updated November 18, 2017)

A large number of computer intrusions involve some form of malicious software (malware), which finds its way to the victim’s workstation or to a server. When investigating the incident, the IT responder typically seeks to answer questions such as: What actions can the malware specimen perform on the system? How does it spread? How, if at all, does it maintain contact with the attacker? These questions can all be answered by analyzing the offending malware in a controlled environment.

Static Analysis

This procedure extracts and examines the binary's components and infers its behaviour statically, for example the API imports, referenced DLLs, PE sections and similar resources, without executing the sample.

Any deviation from the expected results is recorded in the static analysis findings and the verdict is given accordingly. Static analysis is done without executing the malware, whereas dynamic analysis is carried out by executing the malware in a controlled environment.

  • Disassembly – translating the executable's machine code back into assembly so that its logic can be read without running it.
  • File Fingerprinting – computing hashes of the sample so that it can be identified and tracked (and looked up in services such as VirusTotal).
  • Virus Scanning – scanning the sample with antivirus engines to identify known malware, viruses, spyware and other threats, e.g. VirusTotal.
  • Analyzing memory artefacts – while examining memory artefacts such as a RAM dump, pagefile.sys or hiberfil.sys, the analyst can begin identifying rogue processes.
  • Packer Detection – detecting packers, cryptors, compilers, scramblers, joiners and installers applied to the sample.

Static analysis tools:

  • VirusTotal.com
  • BinText
  • Dependency Walker
  • md5deep
  • PEiD
  • Exeinfo PE
  • RDG Packer
  • de4dot
  • PEview
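The static steps listed above, as an added example (this is not code from the original post or from any of the tools it names): a stdlib-only Python sketch that fingerprints a file with MD5/SHA-1/SHA-256, pulls printable strings, walks the PE section table and flags packing by known section names and byte entropy. The PE image it analyses is constructed in `build_sample_pe()` and is not a real executable; the packer section-name list and the 7.0 entropy cut-off are the example's own heuristics, not a standard.

```python
import hashlib
import math
import random
import re
import struct

# Added example, not code from the original post or from the tools it lists: the
# static steps above (fingerprinting, strings, PE sections, packer detection) in
# plain Python. build_sample_pe() constructs the image analysed; it is not a real
# executable. The packer section names and the 7.0 entropy cut-off are this
# example's own heuristics.

KNOWN_PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".petite"}


def fingerprint(data: bytes) -> dict:
    """File fingerprinting: the digests an analyst records and shares (cf. md5deep)."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def extract_strings(data: bytes, min_len: int = 5) -> list:
    """Printable ASCII runs of at least min_len bytes, as BinText/strings would list them."""
    return [m.group().decode("ascii") for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain code is usually well below 7, packed/encrypted data approaches 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(data: bytes) -> list:
    """Walk the PE section table: DOS header -> e_lfanew -> COFF header -> IMAGE_SECTION_HEADERs."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_hdr_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_hdr_size  # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        off = table + 40 * i  # each IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        raw = data[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name, "raw_size": raw_size, "entropy": round(shannon_entropy(raw), 2)})
    return sections


def packer_indicators(sections: list) -> list:
    """Packer detection heuristics of the kind PEiD / Exeinfo PE automate."""
    hits = []
    for s in sections:
        if s["name"] in KNOWN_PACKER_SECTIONS:
            hits.append(f"section {s['name']!r} carries a known packer name")
        if s["raw_size"] and s["entropy"] > 7.0:
            hits.append(f"section {s['name']!r} entropy {s['entropy']} looks packed or encrypted")
    return hits


def build_sample_pe() -> bytes:
    """Constructed two-section PE: a sparse .text with a few strings and a high-entropy UPX1 body."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # COFF header: Machine=i386, 2 sections, SizeOfOptionalHeader=0 (omitted for brevity)
    coff_header = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    text = (b"\x55\x8b\xec" + b"kernel32.dll\0CreateFileA\0wininet.dll\0InternetOpenA\0"
            b"http://update.example.invalid/check\0").ljust(0x200, b"\0")
    body = list(range(256)) * 2          # every byte value exactly twice -> entropy 8.0 ...
    random.Random(7).shuffle(body)       # ... shuffled so it does not look like a ramp
    packed = bytes(body)
    raw0 = e_lfanew + 24 + 2 * 40        # section bodies start right after the two headers
    hdr_text = b".text".ljust(8, b"\0") + struct.pack("<IIII", len(text), 0x1000, len(text), raw0) + b"\0" * 16
    hdr_upx = b"UPX1".ljust(8, b"\0") + struct.pack("<IIII", len(packed), 0x2000, len(packed), raw0 + len(text)) + b"\0" * 16
    return dos_header + coff_header + hdr_text + hdr_upx + text + packed


def static_report(data: bytes) -> dict:
    sections = parse_sections(data)
    return {"hashes": fingerprint(data), "sections": sections,
            "packer": packer_indicators(sections), "strings": extract_strings(data)}


if __name__ == "__main__":
    report = static_report(build_sample_pe())
    print("sha256:", report["hashes"]["sha256"])
    for s in report["sections"]:
        print(f"{s['name']:<8} raw_size={s['raw_size']:#x} entropy={s['entropy']}")
    print("packer indicators:", report["packer"])
    print("strings:", report["strings"])
```

Run it and the UPX1 section is flagged twice (known name and entropy 8.0) while .text stays quiet; the strings list shows the imports and the URL an analyst would chase next. On a real sample the shuffled filler would be the packer's compressed payload, and the junk "strings" it yields are the usual hint that the interesting strings only appear after unpacking.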

Dynamic Analysis

Dynamic analysis should always be an analyst's first approach to discovering malware functionality. For dynamic analysis you build a virtual machine that serves as the place to run and observe the malware.

In addition, the malware is run inside a malware sandbox, its processes are monitored, and the packets it generates are captured and analysed.

Important considerations in a virtual environment

It is very important to isolate the environment so that the malware cannot escape it.
  • only a single path (execution trace) is examined per run
  • the analysis environment is possibly not invisible to the sample
  • the analysis environment is possibly not comprehensive
  • scalability issues
  • snapshots allow the analysis environment to be restored quickly
  • the environment might be detectable (x86 virtualization problems)

Dynamic analysis tools:

  • Procmon (Process Monitor)
  • Process Explorer
  • Anubis
  • Comodo Instant Malware Analysis
  • Regshot
  • ApateDNS
  • OllyDbg
  • Netcat
  • Wireshark

Memory Forensics

Volatile artifacts are found in physical memory. Volatile memory forensics recovers valuable information about the runtime state of the system and makes it possible to link artifacts from traditional forensic analysis (network, file system, registry).

  • Image the full range of system memory (no reliance on API calls).
  • Image a process' entire address space to disk, including its loaded DLLs, EXEs, heaps, and stacks.
  • Image a specified driver or all drivers loaded in memory to disk.
  • Hash the EXEs and DLLs in the process address space (MD5, SHA1, SHA256).
  • Verify the digital signatures of the EXEs and DLLs (disk-based).
  • Output all strings in memory on a per-process basis.

Important Tools

  • WinDbg – Kernel debugger for Windows systems
  • Muninn – A script to automate portions of analysis using Volatility
  • DAMM – Differential Analysis of Malware in Memory, built on Volatility
  • FindAES – Find AES encryption keys in memory
  • Volatility – Advanced memory forensics framework

Malware Detection

Signature Based or Pattern Matching: A signature is an algorithm or hash (a number derived from a string of text) that uniquely identifies a specific virus.

Heuristic Analysis or Pro-Active Defense: Heuristic scanning is similar to signature scanning, except that instead of looking for specific signatures, heuristic scanning looks for certain instructions or commands within a program that are not found in typical application programs.

Rule Based: The component of the heuristic engine that conducts the analysis (the analyzer) extracts certain rules from a file, and these rules are compared against a set of rules for malicious code.

Behavioral Blocking: The suspicious behavior approach, by contrast, does not attempt to identify known viruses, but instead monitors the behavior of all programs.

Weight-Based: A heuristic engine based on a weight-based system, which is a rather old-style approach, rates each functionality it detects with a certain weight according to its degree of danger.

Sandbox: allows the file to run in a controlled virtual system (or “sandbox”) to see what it does.

Important Tools

  • YARA – Pattern matching tool for analysts.
  • Yara rules generator – Generate yara rules based on a set of malware samples. Also, contains a good strings DB to avoid false positives.
  • File Scanning Framework – Modular, recursive file scanning solution.
  • hashdeep – Compute digest hashes with a variety of algorithms.
  • Loki – Host-based scanner for IOCs.
  • Malfunction – Catalog and compare malware at a function level.
  • MASTIFF – Static analysis framework.
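The detection approaches described above side by side, as an added example (not code from the original post and not how YARA or Loki are implemented): signature matching by exact hash, a weight-based heuristic engine over static artefacts, and behavioural rules applied to a sandbox-style event log. The signature entry, the rules and their weights, the threshold and the two sample inputs are all constructed for this illustration.

```python
import hashlib

# Added example, not code from the original post: a toy detection engine that puts
# exact-hash signatures, weight-based heuristic rules over static artefacts, and
# behavioural rules over a sandbox event log next to each other. Every rule,
# weight, hash and input below is constructed for the illustration.

# Signature DB: sha256 -> family name. The entry is the hash of a placeholder blob.
KNOWN_BAD_EXAMPLE_HASH = hashlib.sha256(b"constructed known-bad sample").hexdigest()
KNOWN_BAD_SHA256 = {KNOWN_BAD_EXAMPLE_HASH: "Example.Trojan.A"}

# Heuristic rules: (name, weight, predicate over the static artefacts dict)
HEURISTIC_RULES = [
    ("network-api-strings", 2, lambda a: bool({"InternetOpenA", "WSAStartup"} & set(a["strings"]))),
    ("run-key-string", 3, lambda a: any("CurrentVersion\\Run" in s for s in a["strings"])),
    ("anti-debug-string", 2, lambda a: "IsDebuggerPresent" in a["strings"]),
    ("high-entropy-section", 2, lambda a: any(e > 7.0 for e in a["section_entropy"])),
    ("packer-section-name", 1, lambda a: any(n.startswith("UPX") for n in a["section_names"])),
]


def _is_temp_exe(path: str) -> bool:
    p = path.lower()
    return p.startswith("c:\\users\\") and "\\temp\\" in p and p.endswith(".exe")


# Behavioural rules: (name, weight, predicate over one Procmon/sandbox-style event)
BEHAVIOR_RULES = [
    ("persistence-run-key", 4, lambda ev: ev["op"] == "RegSetValue" and "\\CurrentVersion\\Run\\" in ev["path"]),
    ("drops-exe-in-temp", 3, lambda ev: ev["op"] == "CreateFile" and _is_temp_exe(ev["path"])),
    ("spawns-process", 2, lambda ev: ev["op"] == "ProcessCreate"),
    ("outbound-connection", 2, lambda ev: ev["op"] == "TcpConnect"),
]

SUSPICIOUS_THRESHOLD = 5  # constructed cut-off; tune against a clean corpus to keep false positives down


def signature_match(sha256: str):
    """Signature-based detection: exact hash lookup, no judgement involved."""
    return KNOWN_BAD_SHA256.get(sha256)


def heuristic_hits(artifacts: dict) -> list:
    """Weight-based heuristics: every matching rule contributes its weight."""
    return [(name, weight) for name, weight, pred in HEURISTIC_RULES if pred(artifacts)]


def behavior_hits(events: list) -> list:
    """Behavioural detection over an event log; each behaviour counts once however often it repeats."""
    hits, seen = [], set()
    for ev in events:
        for name, weight, pred in BEHAVIOR_RULES:
            if name not in seen and pred(ev):
                hits.append((name, weight))
                seen.add(name)
    return hits


def classify(sha256: str, artifacts: dict, events: list) -> dict:
    family = signature_match(sha256)
    if family:
        return {"verdict": "malicious", "score": None, "hits": [("signature:" + family, None)]}
    hits = heuristic_hits(artifacts) + behavior_hits(events)
    score = sum(w for _, w in hits)
    return {"verdict": "suspicious" if score >= SUSPICIOUS_THRESHOLD else "clean", "score": score, "hits": hits}


# Constructed inputs: a packed, downloader-like sample and a benign one
PACKED_SAMPLE = {"strings": ["kernel32.dll", "InternetOpenA", "IsDebuggerPresent"],
                 "section_names": [".text", "UPX1"], "section_entropy": [1.3, 7.9]}
PACKED_EVENTS = [
    {"op": "CreateFile", "path": "C:\\Users\\analyst\\AppData\\Local\\Temp\\svc.exe"},
    {"op": "RegSetValue", "path": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc"},
    {"op": "ProcessCreate", "path": "C:\\Users\\analyst\\AppData\\Local\\Temp\\svc.exe"},
    {"op": "TcpConnect", "path": "203.0.113.7:443"},
    {"op": "TcpConnect", "path": "203.0.113.7:443"},
]
BENIGN_SAMPLE = {"strings": ["kernel32.dll", "CreateFileA"],
                 "section_names": [".text", ".data"], "section_entropy": [5.9, 4.1]}
BENIGN_EVENTS = [{"op": "CreateFile", "path": "C:\\Users\\analyst\\Documents\\notes.txt"}]

if __name__ == "__main__":
    print(classify("0" * 64, PACKED_SAMPLE, PACKED_EVENTS))
    print(classify("0" * 64, BENIGN_SAMPLE, BENIGN_EVENTS))
    print(classify(KNOWN_BAD_EXAMPLE_HASH, BENIGN_SAMPLE, BENIGN_EVENTS))
```

The three calls in the `__main__` block show the trade-off the text describes: the hash signature is precise but only catches the exact file it was written for, whereas the weighted heuristic and behavioural rules catch the unknown packed sample (score 18) at the cost of needing a threshold that has to be tuned so ordinary installers, which also drop executables and spawn processes, do not trip it.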

Web Domain Analysis

Domain analysis is the process by which an analyst gathers background information about the domains and IP addresses a sample contacts. The write-up of a domain analysis should simply include a brief summary of the information found, along with references that enable others to find that information.

Important Tools

  • SpamCop – IP-based spam block list.
  • SpamHaus – Block list based on domains and IPs.
  • Sucuri SiteCheck – Free Website Malware and Security Scanner.
  • TekDefense Automatic – OSINT tool for gathering information about URLs, IPs, or hashes.
  • URLQuery – Free URL Scanner.
  • IPinfo – Gather information about an IP or domain by searching online resources.
  • Whois – DomainTools free online whois search.
  • mail checker – Cross-language temporary email detection library.

Network Interactions Analysis

Network security monitoring tools focus on security monitoring but also serve as comprehensive platforms for more general network traffic analysis.

A passive network sniffer / packet-capturing tool detects operating systems, sessions, hostnames, open ports and so on without putting any traffic on the network.

Such tools typically handle IPv4/6, TCP, UDP, ICMPv4/6, IGMP and raw packets across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understand BPF filter logic in the same fashion as the more common packet-sniffing tools.

Important Tools

  • Tcpdump – Collect network traffic.
  • tcpick – Track and reassemble TCP streams from network traffic.
  • tcpxtract – Extract files from network traffic.
  • Wireshark – The network traffic analysis tool.
  • CapTipper – Malicious HTTP traffic explorer.
  • chopshop – Protocol analysis and decoding framework.
  • CloudShark – Web-based tool for packet analysis and malware traffic detection
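The passive traffic analysis described above, as an added example that is not from the original post or from tcpdump/Wireshark: a stdlib-only parser for a pcap file that decodes Ethernet/IPv4/UDP and lists the DNS queries the sample made, which is usually the first thing an analyst wants from its network activity. The capture is built in `build_sample_capture()` (constructed frames, not recorded traffic), and the parser deliberately handles only the little-endian Ethernet pcap layout and uncompressed query names.

```python
import socket
import struct

# Added example, not code from the original post: walk a pcap capture, decode
# Ethernet/IPv4/UDP and pull out the DNS names queried. The capture itself is
# constructed below (build_sample_capture); nothing here is real traffic and the
# builder is only used to produce test input, never to send packets.

PCAP_MAGIC_LE = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1

def _encode_qname(name: str) -> bytes:
    return b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in name.split(".")) + b"\0"

def _decode_qname(data: bytes, off: int):
    labels = []
    while True:
        length = data[off]
        off += 1
        if length == 0:
            break
        if (length & 0xC0) == 0xC0:  # RFC 1035 compression pointer; queries here never use one
            raise ValueError("compressed names not handled in this example")
        labels.append(data[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), off

def build_udp_frame(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Ethernet + IPv4 + UDP around payload; checksums left zero because we only parse it."""
    udp = struct.pack(">HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0x4000, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip)) + udp
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack(">H", 0x0800)
    return eth + ip

def build_dns_query(src_ip: str, dst_ip: str, qname: str, txid: int) -> bytes:
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # standard query, RD set
    question = _encode_qname(qname) + struct.pack(">HH", 1, 1)  # QTYPE A, QCLASS IN
    return build_udp_frame(src_ip, dst_ip, 49152, 53, header + question)

def build_pcap(frames) -> bytes:
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out

def build_sample_capture() -> bytes:
    """Constructed capture: two DNS lookups from the analysis VM plus one non-DNS UDP datagram."""
    return build_pcap([
        build_dns_query("10.0.0.5", "10.0.0.1", "update.example.invalid", 0x1234),
        build_udp_frame("10.0.0.5", "10.0.0.1", 123, 123, b"\x1b" + b"\0" * 47),  # NTP-like, skipped
        build_dns_query("10.0.0.5", "10.0.0.1", "time.example.invalid", 0x1235),
    ])

def iter_pcap_frames(cap: bytes):
    magic, _maj, _min, _tz, _sig, _snap, linktype = struct.unpack_from("<IHHiIII", cap, 0)
    if magic != PCAP_MAGIC_LE or linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected a little-endian Ethernet pcap")
    off = 24
    while off + 16 <= len(cap):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from("<IIII", cap, off)
        off += 16
        yield cap[off:off + incl_len]
        off += incl_len

def extract_dns_queries(cap: bytes) -> list:
    """One record per DNS question in client->server (destination port 53) UDP datagrams."""
    queries = []
    for frame in iter_pcap_frames(cap):
        if struct.unpack_from(">H", frame, 12)[0] != 0x0800:
            continue  # not IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 17:
            continue  # not UDP
        src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        udp = ip[ihl:]
        _sport, dport, ulen, _csum = struct.unpack_from(">HHHH", udp, 0)
        if dport != 53:
            continue
        dns = udp[8:ulen]
        _txid, flags, qdcount = struct.unpack_from(">HHH", dns, 0)
        if flags & 0x8000:
            continue  # QR bit set: a response, not a query
        off = 12
        for _ in range(qdcount):
            name, off = _decode_qname(dns, off)
            qtype, _qclass = struct.unpack_from(">HH", dns, off)
            off += 4
            queries.append({"src": src, "dst": dst, "name": name, "qtype": qtype})
    return queries

if __name__ == "__main__":
    for q in extract_dns_queries(build_sample_capture()):
        print(f"{q['src']} -> {q['dst']}  DNS query {q['name']} (qtype {q['qtype']})")
```

Feeding it a real tcpdump capture from the analysis VM (with the sniffer on the host or a separate sensor, so the sample cannot see it) gives the list of names to hand to the domain-analysis step; pairing it with a fake resolver such as ApateDNS lets the queries be answered locally while still being recorded here.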

Debugging & Debugger

Debuggers are useful tools that allow analysis of code at a low level. One of the most important functions of a debugger is the breakpoint.

When a breakpoint is hit, execution of the program is stopped and control is given to the debugger, allowing analysis of the environment at the time.

A debugger is a piece of software that utilizes Central Processing Unit (CPU) facilities that were specifically designed for the purpose.

A debugger provides an insight into how a program performs its tasks, allows the user to control the execution, and provides access to the debugged program’s environment.

This could be very helpful when analyzing malware, as it would be possible to see how it tries to detect tampering and to skip the garbage instructions inserted on purpose.

Important Tools

  • objdump – Part of GNU Binutils, for static analysis of Linux binaries.
  • OllyDbg – An assembly-level debugger for Windows executables.
  • FPort – Reports open TCP/IP and UDP ports on a live system and maps them to the owning application.
  • GDB – The GNU debugger.
  • IDA Pro – Windows disassembler and debugger, with a free evaluation version.
  • Immunity Debugger – Debugger for malware analysis and more, with a Python API.

Analyze malicious URLs

Today, websites are exposed to various threats that exploit their vulnerabilities. A compromised website is used as a stepping stone and serves the attackers' purposes.

For instance, URL redirection mechanisms have been widely used as a means to perform web-based attacks covertly. Redirection refers to automatically replacing the access destination, and it is generally controlled through the HTTP protocol on the web.

In addition to this conventional method, other mechanisms for automatically loading external web content, e.g. the iframe tag, are often used, particularly in web-based attacks.

Important Tools

  • Firebug – Firefox extension for web development.
  • Java Decompiler – Decompile and inspect Java apps.
  • jsunpack-n – A javascript unpacker that emulates browser functionality.
  • Krakatau – Java decompiler, assembler, and disassembler.
  • Malzilla – Analyze malicious web pages.

Sandboxes Technique

Sandboxing is a critical security mechanism that segregates programs, keeping malicious or faulty programs from damaging or snooping on the rest of your computer. The software you use is already sandboxing a significant part of the code you run every day.

A sandbox is a tightly controlled environment in which programs can be run. Sandboxes limit what a piece of code can do, giving it just as many permissions as it needs without adding extra permissions that could be abused.

Important Tools

  • firmware.re – Unpacks, scans and analyzes almost any firmware package.
  • Hybrid Analysis – Online malware analysis tool, powered by VxSandbox.
  • IRMA – An asynchronous and customizable analysis platform for suspicious files.
  • Cuckoo Sandbox – Open source, self-hosted sandbox, and automated analysis system.
  • cuckoo-modified – Modified version of Cuckoo Sandbox released under the GPL.
  • PDF Examiner – Analyse suspicious PDF files.
  • ProcDot – A graphical malware analysis toolkit.
  • Recomposer – A helper script for safely uploading binaries to sandbox sites.
  • SandDroid – Automatic and complete Android application analysis system.
