Trietptm-on-Awesome-Lists/malware-analysis-tools
Malware Analysis Tools

Categories

Windows Host
Windows Integrated
Environment
Disassemblers and Debuggers
Hex Editor
Static Analysis - Basic
Dynamic Analysis - Advanced
PE Analysis
PE Dumping/Unpacking
Office Tools
PDF Tools
Flash Tools
Java Tools
Javascript Tools
.NET Reversing
Python Tools
Visual Basic Tools

Windows Host

Windows Guest

Environment

Disassemblers and Debuggers

  • Binary Ninja - Binary Ninja: a new kind of reversing platform.

  • IDA - IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger.

  • x64dbg - An open-source x64/x32 debugger for Windows.

    • ScyllaHide plugin - ScyllaHide is an advanced open-source x64/x86 usermode anti-anti-debug library.
    • TitanHide plugin - TitanHide is a kernel-mode driver intended to hide debuggers from certain processes. Archived here.
    • xAnalyzer - xAnalyzer is a plugin for the x86/x64 x64dbg debugger by @mrexodia. This plugin is based on the APIInfo plugin by @mrfearless, although some improvements and additions have been made. xAnalyzer is capable of doing various types of analysis over the static code of the debugged application to give extra information to the user.
  • WinDbg - The Windows Debugger (WinDbg) can be used to debug kernel- and user-mode code, analyze crash dumps, and examine the CPU registers as code executes.

  • Windows Symbols - To set your environment to store symbols locally and use the Microsoft symbol server, set the following environment variable:
    _NT_SYMBOL_PATH = srv*c:\symbols*https://msdl.microsoft.com/download/symbols

Hex Editor

Static Analysis - Basic

  • Detect-It-Easy (DIE) - Detect It Easy, abbreviated "DIE", is a program for determining the types of files.
  • xorsearch - XORSearch is a program to search for a given string in an XOR, ROL, ROT or SHIFT encoded binary file.
  • xorstrings - XORStrings will search for strings in the (binary) file you provide it, using the same encodings as XORSearch (XOR, ROL, ROT and SHIFT).

Dynamic Analysis - Advanced

  • Spy Studio - SpyStudio shows and interprets calls, displaying the results in a structured way that is easy for any IT professional to understand. SpyStudio can show registry keys and files that an application uses, COM objects and windows the application has created, and errors and exceptions.

PE Analysis

  • PE-Bear - PE-bear is a freeware reversing tool for PE files. Its objective is to deliver a fast and flexible "first view" tool for malware analysts, stable and capable of handling malformed PE files.

PE Dumping and Unpacking

  • Flypaper - Very useful tool for preventing processes from exiting.
  • ImpREC - ImpRec can be used to repair the import table of packed programs.
  • PE-sieve - PE-sieve scans a given process, searching for modules containing in-memory code modifications. When found, it dumps the modified PE.
  • pe_unmapper - Small tool to convert a PE from its virtual format into raw format (useful for recovering executables dumped from memory).
  • find_forwarders - Small tool for finding an import's name (and its forwarders) by its virtual address.
  • imports_unerase - Small tool for recovering erased imports of a dumped PE file.
  • va_to_import - Small tool for finding an import's name by its virtual address.
  • hollows_hunter - A process scanner that detects and dumps hollowed PE modules.

Office Tools

  • Offvis - The Microsoft Office Visualization Tool (OffVis) is a tool from Microsoft that helps in understanding the Microsoft Office binary file format in order to deconstruct .doc-, .xls- and .ppt-based targeted attacks.

PDF Tools

  • pdfid - This tool is not a PDF parser, but it scans a file for certain PDF keywords, allowing you to identify PDF documents that contain (for example) JavaScript or execute an action when opened.
  • pdf-parser - This tool parses a PDF document to identify the fundamental elements used in the analyzed file.
  • PdfStreamDumper - A free tool for the analysis of malicious PDF documents.

Flash Tools

  • FFDec - Open-source Flash SWF decompiler and editor. Extract resources, convert SWF to FLA, edit ActionScript, replace images, sounds, texts or fonts. Various output formats available. Works with Java on Windows, Linux or macOS.

Java Tools

  • JD-GUI - JD-GUI is a standalone graphical utility that displays the Java source code of ".class" files. You can browse the reconstructed source code with JD-GUI for instant access to methods and fields.
  • dex2jar - Tools to work with Android .dex and Java .class files.

Javascript Tools

  • Spider Monkey - SpiderMonkey is a modified version of Mozilla's C implementation of JavaScript, with some extra functions to help with malware analysis.

.NET Tools

  • ILSpy - ILSpy is the open-source .NET assembly browser and decompiler.
  • dnSpy - dnSpy is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available.
  • DotPeek - Free .NET decompiler and assembly browser.
  • De4dot - .NET deobfuscator and unpacker.

Python Tools

Visual Basic Tools

  • VBDecompiler - Code recovery solution for Visual Basic 5.0/6.0 applications and fast disassembler for Visual Studio .NET compiled apps.
