AutoRuns Sysinternals

Malware Dynamic Analysis with Windows Sysinternals - AutoRuns

AutoRuns is a tool bundled in the Sysinternals suite that is used to view and monitor auto-start processes and entries in Windows.


A quick snapshot of the tool:

AutoRuns shows that an xws.exe entry is present under the SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry key, which is a common persistence mechanism for malware. Malware that adds itself to this key is launched again at logon and therefore survives a reboot.


Strings for Windows

Malware Static Analysis with Windows Sysinternals

Strings is a malware static analysis tool for extracting ASCII and Unicode strings from a file. This can reveal valuable information such as URLs, IP addresses and the names of functions used.

In this topic we will discuss command-prompt-based strings analysis on Windows.

Strings for Linux

Malware Static Analysis with Linux Strings Tool

Strings is a malware static analysis tool for extracting ASCII and Unicode strings from a file. This can reveal valuable information such as URLs, IP addresses and the names of functions used.

In this topic we will discuss command-line strings analysis on Linux.

TrID

Malware Static Analysis with TrID

TrID is a static analysis tool for Windows, similar to the file utility on Linux: it identifies the type of a file (for example, a PE executable), which helps the analyst prepare the environment for further analysis. It runs from the command prompt.

Note: TrID looks for its definitions file, “triddefs.trd”, when it runs; make sure the file is placed in the same directory as the executable.

PEStudio

Malware Static Analysis with PEStudio

PEStudio is a well-known static analysis tool that gives the analyst an all-in-one view of a PE sample after a single drag-and-drop. It can also query the VirusTotal API to check whether the sample has already been submitted by other analysts in the community, which speeds up analysis.