gloomer

Malware Analysis

11 posts in this topic

I'm starting up a VM, and I'm wondering which tools I should use to get started on something like this.

The VM will be Windows XP, obviously I've looked at the Sysinternals suite, and I've already marked that down on the list. What else would be good to include? Wireshark... Sysinternals... not sure where else to go..

Anyone have any recommendations/tools/techniques?

Thanks


WinDBG and/or OllyDBG is also good to have. I wouldn't recommend putting an A/V on there. If you have the money, grab a copy of IDA Pro.


Hmm...yup....sysinternals...erm*

Ollydbg and IDA Pro? Or...erm* GMER?

Resource Hacker might be useful.

I guess a hex editor won't do you wrong. PEID might be useful.

Hmm....this might make you skip in joy; Link

CW Sandbox might still be useful in a VM.

And here is some good reading.

Hope this helped.


Something that does function call hooking.. i.e. Echo Mirage and a packer like UPX

It would be nice if we could get a master list compiled for this type of stuff..

> Something that does function call hooking.. i.e. Echo Mirage and a packer like UPX
>
> It would be nice if we could get a master list compiled for this type of stuff..

Sir, you just inspired me to make a VM for Malware Analysis. Thank you from the bottom of my heart.

(be informed I will leave this project after half an hour due to my laziness and lack of motivation)

> Sir, you just inspired me to make a VM for Malware Analysis. Thank you from the bottom of my heart.
>
> (be informed I will leave this project after half an hour due to my laziness and lack of motivation)

Be informed of advanced malware strains which utilize anti-debugging techniques that detect and prevent virtual machine execution in order to deter analysis. :ninja:


Depending on what you're doing, you might look into Filemon and Regmon, both of which are tools released by Microsoft to monitor any/all file and registry changes on the fly. They also have a program for Vista called Process Monitor, which does the same as both tools, plus a lot more.

Very handy when you want to see if a certain program is messing around where it shouldn't.
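Filemon, Regmon and Process Monitor record changes live; the same question ("did this program touch anything it shouldn't?") can also be answered after the fact by diffing a baseline against a post-run snapshot. The script below is an added example written for this thread, not something from the forum or from Sysinternals: it hashes every file under a directory before and after a run and reports what was added, removed or modified. The directory tree, the file names and the "dropped" DLL in `demo()` are constructed for the demonstration. A registry baseline would follow the same pattern using `winreg`, which is omitted here so the example runs on any platform.

```python
import hashlib
import os
import tempfile


def _sha256_file(path):
    """Hash a file in chunks so large samples do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map every file under root (as a path relative to root) to (size, sha256)."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            snap[os.path.relpath(full, root)] = (os.path.getsize(full), _sha256_file(full))
    return snap


def diff_snapshots(before, after):
    """Classify paths as added, removed or modified between two snapshots.

    Size and hash are compared together: a file rewritten with the same size
    but different content still shows up as modified.
    """
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }


def _write(path, data):
    with open(path, "wb") as f:
        f.write(data)


def demo():
    """Constructed scenario with hypothetical paths (no real sample is run):
    between the two snapshots a 'program' appends to hosts, drops a DLL and
    deletes a text file."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "system32"))
        hosts = os.path.join(root, "system32", "hosts")
        _write(hosts, b"127.0.0.1 localhost\r\n")
        _write(os.path.join(root, "readme.txt"), b"clean\r\n")

        before = snapshot(root)  # baseline taken before running anything

        # Simulated activity (constructed): modify, drop, delete.
        _write(hosts, b"127.0.0.1 localhost\r\n127.0.0.1 example.invalid\r\n")
        _write(os.path.join(root, "system32", "dropped.dll"), b"MZ placeholder")
        os.remove(os.path.join(root, "readme.txt"))

        after = snapshot(root)  # snapshot taken after the run
        return diff_snapshots(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"{kind:9s} {p}")
```

For a real run, call `snapshot()` on the drive or directories of interest in the clean VM, execute the sample, call it again, and diff; anything in `modified` or `added` under system directories is a starting point for looking at the same paths in the live monitor's log.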


Portreporter is a good utility that will log TCP and UDP connections.

> Depending on what you're doing, you might look into Filemon and Regmon, both of which are tools released by Microsoft to monitor any/all file and registry changes on the fly. They also have a program for Vista called Process Monitor, which does the same as both tools, plus a lot more.
>
> Very handy when you want to see if a certain program is messing around where it shouldn't.

That's all SysInternals stuff. The OP said they looked at that already.


DeepFreeze (not free) - just to add an extra layer of security

Wireshark - to record traffic

IDA Pro (not free) - disassembly

and last but not least Strings.
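Two of the tools mentioned in this thread, Strings and the UPX packer, cover the first static-triage questions about a sample: what readable text is in it, and is it packed so that the text is hidden until runtime. The script below is an added example written for this thread, not code from the forum or from the Sysinternals or UPX projects. It extracts ASCII and UTF-16LE strings (the two encodings Windows binaries use), reads the PE section table to check for the `UPX0`/`UPX1` section names a UPX-packed executable normally carries, and computes byte entropy, which is high for packed or encrypted content. `build_sample()` constructs a minimal fake PE for the demonstration; the names, URL and registry path inside it are made up.

```python
import math
import re
import struct
import sys
from collections import Counter

ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")            # printable ASCII, 4+ chars
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")    # printable UTF-16LE, 4+ chars


def ascii_strings(data):
    return [m.group().decode("ascii") for m in ASCII_RUN.finditer(data)]


def utf16_strings(data):
    return [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(data)]


def entropy(data):
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def pe_section_names(data):
    """Walk the DOS header -> PE signature -> COFF header -> section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\x00\x00":
        return []
    nsections = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]  # SizeOfOptionalHeader
    table = pe + 24 + opt_size                             # section headers start here
    names = []
    for i in range(nsections):
        off = table + i * 40                               # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\x00").decode("ascii", "replace"))
    return names


def triage(data):
    sections = pe_section_names(data)
    return {
        "sections": sections,
        "upx_packed": any(n.upper().startswith("UPX") for n in sections),
        "entropy": round(entropy(data), 3),
        "ascii_strings": ascii_strings(data),
        "utf16_strings": utf16_strings(data),
    }


def build_sample():
    """Constructed minimal PE: DOS stub, COFF header with no optional header,
    two UPX-named sections, then a few embedded strings. Not a real binary."""
    dos = bytearray(b"MZ" + b"\x00" * 62)
    dos[0x3C:0x40] = struct.pack("<I", 0x40)               # PE header right after DOS header
    coff = struct.pack("<HHIIIHH", 0x014C, 2, 0, 0, 0, 0, 0x0102)
    sections = b"".join(n.ljust(8, b"\x00") + b"\x00" * 32 for n in (b"UPX0", b"UPX1"))
    payload = (b"\x00" * 16
               + b"LoadLibraryA\x00"
               + b"http://example.invalid/update\x00\x00"  # extra NUL so the UTF-16 scan
               + "SOFTWARE\\Example\\Run".encode("utf-16-le")  # does not start at 'e\x00'
               + b"\x00\x00")
    return bytes(dos) + b"PE\x00\x00" + coff + sections + payload


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it with a file path to triage a real sample, or with no arguments to see the constructed one. A UPX-packed file typically shows the `UPX` section names, entropy near 7 or above, and almost no meaningful strings; after unpacking, the strings reappear and entropy drops, which is the point at which Strings output becomes worth reading.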

