ProcDOT

Dynamic Malware Analysis with ProcDOT

ProcDOT is primarily used for visualization, leveraging ProcMon’s CSV files and Wireshark’s PCAP files to create a detailed representation of events that occur when a program is executed. This provides the user with valuable insights into system and network activity, helping them better understand what transpired during the program’s execution. 

Here’s a sample of how ProcDOT is used: 

Once the files are loaded (the Procmon log and the PCAP file), we can look for an interesting process to continue the analysis.

Here, we select one of the “powershell.exe” processes.

We can see that this PowerShell script was used to download a file from 'raw.githubusercontent.com'. Identifying this network communication with tools like ProcMon and Wireshark alone can take some time; ProcDOT simplifies the process and quickly reveals the details for us.
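As an added example (not part of ProcDOT or the original write-up), the script below does in miniature what ProcDOT does with a Procmon log: it parses a constructed CSV export in Procmon's default column layout, rebuilds the process tree from Process Create events, pulls out the network endpoints each process talked to, and emits a Graphviz DOT graph of the result. The sample rows, host names and PIDs are constructed, not taken from a real capture.

```python
import csv
import io
import re

# Constructed sample in the shape of Procmon's default CSV export
# (Time of Day, Process Name, PID, Operation, Path, Result, Detail). Not a real capture.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1017530 AM","explorer.exe","1880","Process Create","C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe","SUCCESS","PID: 5212, Command line: powershell.exe -File C:\Users\lab\Downloads\run.ps1"
"10:01:02.4418802 AM","powershell.exe","5212","TCP Connect","LAB-PC:49712 -> raw.githubusercontent.com:https","SUCCESS","Length: 0, mss: 1460"
"10:01:02.9120011 AM","powershell.exe","5212","CreateFile","C:\Users\lab\AppData\Local\Temp\stage2.exe","SUCCESS","Desired Access: Generic Write, Disposition: Create"
"10:01:03.2201143 AM","powershell.exe","5212","Process Create","C:\Users\lab\AppData\Local\Temp\stage2.exe","SUCCESS","PID: 5388, Command line: C:\Users\lab\AppData\Local\Temp\stage2.exe"
"10:01:03.5005431 AM","stage2.exe","5388","UDP Send","LAB-PC:61001 -> 203.0.113.7:domain","SUCCESS","Length: 40"
'''

NET_OPS = {"TCP Connect", "TCP Send", "TCP Receive", "UDP Send", "UDP Receive"}

def parse_events(csv_text):
    return list(csv.DictReader(io.StringIO(csv_text)))

def process_tree(events):
    """{(parent_name, parent_pid): [(child_name, child_pid), ...]} from Process Create rows."""
    tree = {}
    for ev in events:
        if ev["Operation"] != "Process Create":
            continue
        m = re.search(r"PID:\s*(\d+)", ev["Detail"])      # child PID lives in the Detail column
        child = (ev["Path"].rsplit("\\", 1)[-1], m.group(1) if m else "?")
        tree.setdefault((ev["Process Name"], ev["PID"]), []).append(child)
    return tree

def network_edges(events):
    """[(process_name, pid, remote_endpoint)] for network operations; Path is 'local -> remote'."""
    edges = []
    for ev in events:
        if ev["Operation"] in NET_OPS and " -> " in ev["Path"]:
            edges.append((ev["Process Name"], ev["PID"], ev["Path"].split(" -> ", 1)[1]))
    return edges

def to_dot(events):
    """Graphviz DOT graph of process creations and network endpoints, the picture ProcDOT draws."""
    lines = ["digraph procmon {", "  rankdir=LR;"]
    for (pname, ppid), children in process_tree(events).items():
        for cname, cpid in children:
            lines.append(f'  "{pname} ({ppid})" -> "{cname} ({cpid})" [label="Process Create"];')
    for pname, pid, remote in network_edges(events):
        lines.append(f'  "{pname} ({pid})" -> "{remote}" [label="network", style=dashed];')
    lines.append("}")
    return "\n".join(lines)
```

Feed the output of `to_dot` to `dot -Tpng` to get the same kind of process-and-network graph ProcDOT renders, here for the PowerShell download chain the text describes.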

jadx

Android Package Reverse Engineering with JADX (Dex to Java)

JADX is a powerful tool used for decompiling Android APK files, transforming DEX bytecode into human-readable Java source code. With both a user-friendly GUI and a command-line interface, JADX makes it easier to explore and analyze the internal logic and structure of Android applications. It is widely used for reverse engineering, malware analysis, and security auditing, offering a quick and efficient way to gain insight into an app's source code.

Here’s a sample of how JADX is used: 

First, run the command with the '-h' option to display the available options.

Next, extract the zip file and simply run the command:

jadx -o <output_directory> somefile.apk

The command above decompiles the APK file and writes the resulting files to the selected output directory.

Finally, you can proceed with your analysis.

ByteCodeViewer

Android Package Reverse Engineering with ByteCodeViewer

ByteCodeViewer is a comprehensive reverse engineering tool designed to analyze Java and Android applications. It provides a unified platform to decompile, debug, and analyze bytecode using various decompilers, including CFR, FernFlower, and Procyon. Equipped with a powerful GUI, ByteCodeViewer enables users to explore classes, methods, and application structures with ease. It is a go-to tool for developers, security researchers, and reverse engineers, simplifying tasks like debugging, malware analysis, and application auditing.

Here’s a sample of how ByteCodeViewer is used: 

Command: java -jar Bytecode-Viewer.jar

Note: this tool requires Java; make sure it is installed on your system.

APKTool

Android Package Reverse Engineering with APKTool

APKTool is a versatile tool primarily used for reverse engineering Android APK files. It enables users to decode APK resources to nearly original form, rebuild modified APKs, and troubleshoot issues with APKs. 

By decompiling and reassembling the app’s components, APKTool provides valuable insights into an application’s structure, resources, and functionality, aiding in tasks such as malware analysis, debugging and localization.

Here’s a sample of how APKTool is used: 

Use the ‘d’ option to decode the APK file. 

Command: apktool d <apk_file>

After executing the command, the APK file is decoded, generating multiple files essential for further analysis.

Among these, several folders are created in the current directory, along with the AndroidManifest.xml file, which contains crucial configuration details.

Malzilla JavaScript Analysis

JavaScript Malware Analysis using Malzilla

Malzilla is a GUI-based tool for analyzing malicious JavaScript and web pages. It is specifically built to deobfuscate JavaScript by executing the code with the SpiderMonkey JavaScript engine.

JavaScript Analysis From Malware Analysis Perspective:

This involves examining the code to uncover potential malicious behavior, understand its functionality, and identify any obfuscation techniques employed. By dissecting the JavaScript, analysts aim to detect payload delivery mechanisms, identify suspicious patterns, and determine the impact it may have on systems and data.

JavaScript analysis plays a crucial role in cybersecurity, enabling researchers to identify and mitigate potential threats. Malicious JavaScript continues to be a favored vector for attacks, ranging from spear-phishing campaigns to drive-by downloads.

The use of tools like Malzilla significantly enhances the analysis process, making it faster and more efficient. By leveraging such tools, security professionals can effectively dissect malicious code and respond swiftly to protect their systems and data.

SSDEEP Fuzzy Hashing

Malware Static Analysis with SSDEEP Fuzzy Hashing Tool

ssdeep is a tool for fuzzy hashing, a form of hashing built on Context-Triggered Piecewise Hashing (CTPH). Essentially, it is used to compare files that are similar but not identical.

Using ssdeep, it is possible to classify malware samples: when a sample's fuzzy hash closely matches those of known samples, it can be associated with the malware family they belong to.
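To show what CTPH means in practice, here is an added, simplified implementation in the spirit of ssdeep (not ssdeep's own code; its signatures and scores will not match the real tool): a rolling hash over the last 7 bytes decides where each piece ends, each piece is hashed down to one character, and two signatures are compared for similarity. The sample "files" are constructed inside the block.

```python
from difflib import SequenceMatcher
import random

WINDOW = 7                      # rolling-hash window, as in ssdeep
B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
FNV_INIT, FNV_PRIME = 0x28021967, 0x01000193

def rolling_hashes(data):
    """Yield a hash of the last WINDOW bytes at every position (ssdeep-style h1/h2/h3 sums)."""
    h1 = h2 = h3 = 0
    window = [0] * WINDOW
    for i, b in enumerate(data):
        h2 = h2 - h1 + WINDOW * b
        h1 = h1 + b - window[i % WINDOW]
        window[i % WINDOW] = b
        h3 = ((h3 << 5) & 0xFFFFFFFF) ^ b
        yield (h1 + h2 + h3) & 0xFFFFFFFF

def ctph(data, block_size):
    """Context-triggered piecewise hash: the rolling hash decides where a piece ends,
    so an edit only changes the piece(s) it touches, not everything after it."""
    sig, piece = [], FNV_INIT
    for b, r in zip(data, rolling_hashes(data)):
        piece = ((piece * FNV_PRIME) & 0xFFFFFFFF) ^ b
        if r % block_size == block_size - 1:   # context trigger: end of piece
            sig.append(B64[piece & 63])
            piece = FNV_INIT
    sig.append(B64[piece & 63])                # hash of the final partial piece
    return f"{block_size}:" + "".join(sig)

def similarity(sig_a, sig_b):
    """0..100 score; signatures built with different block sizes are not comparable."""
    bs_a, a = sig_a.split(":", 1)
    bs_b, b = sig_b.split(":", 1)
    if bs_a != bs_b:
        return 0
    return round(100 * SequenceMatcher(None, a, b).ratio())

# Constructed samples: a 4 KiB pseudo-random "binary", a copy with a 16-byte patched region,
# and an unrelated file of the same size.
rng = random.Random(1)
ORIGINAL = bytes(rng.randrange(256) for _ in range(4096))
PATCHED = ORIGINAL[:2000] + bytes(16) + ORIGINAL[2016:]
UNRELATED = bytes(rng.randrange(256) for _ in range(4096))
```

Real ssdeep additionally picks the block size from the file length, emits two signatures at adjacent block sizes, and ignores short common substrings, which is why it scores unrelated files as 0 rather than merely low.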

MiTec Registry Recovery

Malware Dynamic Analysis with MiTec Windows Registry Recovery

MiTec Windows Registry Recovery is an application that reads files containing Windows 9x, NT, 2K, XP, 2K3, 7, 8 and 10 registry hives. It extracts a great deal of useful information about the configuration and Windows installation settings of the host machine.

HashMyFiles

Malware Static Analysis with HashMyFiles

HashMyFiles by NirSoft is a small utility that calculates the MD5 and SHA1 hashes of one or more files on your system. You can easily copy the MD5/SHA1 hash list to the clipboard or save it to a text, HTML or XML file.

HashMyFiles can also be launched from the context menu of Windows Explorer to display the MD5/SHA1 hashes of the selected file or folder.