# Malware Analysis — Tools And Resources

Analyzing malware can be a daunting task; fortunately, many tools and resources are at our disposal that can make it a little easier.

## Network Tools <a href="#dafa" id="dafa"></a>

* [Wireshark](https://www.wireshark.org/download.html)
* [Microsoft Network Monitor](https://www.microsoft.com/en-us/download/details.aspx?id=4865)
* [Netcat](https://eternallybored.org/misc/netcat/)
* [BurpSuite](https://portswigger.net/burp/communitydownload)
* [Fiddler](https://www.telerik.com/fiddler)
* [DNS Query Sniffer](http://nirsoft.net/utils/dns_query_sniffer.html)
* [FakeNet-NG](https://www.fireeye.com/services/freeware/fakenet-ng.html)
* [INetSim](https://www.inetsim.org/)

## PE Analysis Tools <a href="#d9c0" id="d9c0"></a>

* [PE-bear](https://github.com/hasherezade/pe-bear-releases/releases)
* [pev the PE file analysis toolkit](http://pev.sourceforge.net/)
* [PeStudio](https://www.winitor.com/)
* [PEiD](https://www.aldeid.com/wiki/PEiD)
* [Resource Hacker](http://www.angusj.com/resourcehacker/)
* [CFF Explorer](https://ntcore.com/?page_id=388)
* Exeinfo PE
* [Dependency Walker](http://www.dependencywalker.com/)

## Dynamic / Behavioral Analysis Tools <a href="#b355" id="b355"></a>

* [Process Explorer](https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer)
* [Process Monitor](https://docs.microsoft.com/en-us/sysinternals/downloads/procmon)
* [Process Hacker](https://processhacker.sourceforge.io/downloads.php)
* [CaptureBAT](https://www.honeynet.org/node/315)
* [Sysmon](https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon)
* [API Monitor](http://www.rohitab.com/apimonitor#Download)
* [CMD Watcher](http://www.kahusecurity.com/tools.html)
* [Autoruns](https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns)
* [Regshot](https://sourceforge.net/projects/regshot/)
* [Flypaper](https://wikileaks.org/hbgary-emails/emailid/67831#attachments) (Password: “rich”)
* [Microsoft ASA (Attack Surface Analyzer)](https://github.com/Microsoft/AttackSurfaceAnalyzer)

## Debugging Tools <a href="#fe75" id="fe75"></a>

* [X64dbg](https://sourceforge.net/projects/x64dbg/files/snapshots/)
* [Immunity Debugger](https://www.immunityinc.com/products/debugger/)
* [WinDbg](https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-tools)

## Reverse Engineering Tools <a href="#id-0f67" id="id-0f67"></a>

* [IDA Pro](https://www.hex-rays.com/products/ida/)
* [Ghidra](https://github.com/NationalSecurityAgency/ghidra)
* [dotPeek](https://www.jetbrains.com/decompiler/)
* [Scylla](https://github.com/NtQuery/Scylla)
* [PdbXtract](https://fireeye.market/apps/211384)

## Analyzing Suspicious Files / Sandboxing <a href="#id-6221" id="id-6221"></a>

* [Virus Total](https://virustotal.com)
* [Hybrid Analysis](https://hybrid-analysis.com)
* [Cuckoo](https://cuckoosandbox.org/)
* [Any.run](https://any.run/)
* [Intezer](https://www.intezer.com/)
* [Joe Sandbox](https://joesecurity.org/)

## VB Analysis Tools <a href="#f99f" id="f99f"></a>

* [ViperMonkey](https://github.com/decalage2/ViperMonkey)
* [decode-vbe.py](https://github.com/DidierStevens/DidierStevensSuite/blob/master/decode-vbe.py)
* [oledump.py](https://github.com/DidierStevens/DidierStevensSuite/blob/master/oledump.py)

## Strings Analysis Tools <a href="#id-842f" id="id-842f"></a>

* [FLOSS](https://www.fireeye.com/services/freeware/floss.html)
* [Sysinternals Strings](https://docs.microsoft.com/en-us/sysinternals/downloads/strings)
* [Fireeye stringsifter](https://github.com/fireeye/stringsifter)

## Malware Analysis VM <a href="#id-10dc" id="id-10dc"></a>

* [REMnux](https://remnux.org/)
* [OALabs Malware Analysis VM](https://oalabs.openanalysis.net/2018/07/16/oalabs_malware_analysis_virtual_machine/)
* [FLARE VM](https://www.fireeye.com/blog/threat-research/2017/07/flare-vm-the-windows-malware.html)
* [Kali Linux](https://www.kali.org/)

## Other <a href="#id-4218" id="id-4218"></a>

* [Didier Stevens Suite](https://blog.didierstevens.com/didier-stevens-suite/)
* [Fireeye Market](https://fireeye.market/apps)
* [ProcDOT](https://www.procdot.com/)
* [Malzilla](http://malzilla.sourceforge.net/)
* [Kahu Security Tools](http://www.kahusecurity.com/tools.html)
* [HashMyFiles](https://www.nirsoft.net/utils/hash_my_files.html)
* [CyberChef](https://gchq.github.io/CyberChef/)
* [HxD](https://mh-nexus.de/en/hxd/)

## Resources / Getting Started <a href="#ce79" id="ce79"></a>

* [Colin Hardy](https://www.youtube.com/channel/UCND1KVdVt8A580SjdaS4cZg/videos)
* [OALabs](https://www.youtube.com/channel/UC--DwaiMV-jtO-6EvmKOnqg/videos)
* [Malware Unicorn Workshops](https://malwareunicorn.org/#/workshops)
* [MalwareAnalysisForHedgehogs](https://www.youtube.com/channel/UCVFXrUwuWxNlm6UNZtBLJ-A/videos)
* [How to start RE/malware analysis?](https://hshrzd.wordpress.com/how-to-start/) — hasherezade
* [Malwology](https://malwology.com/)
* [Haruko](https://tracker.fumik0.com/learning)
* [MalwareTech](https://www.malwaretech.com/)
* [Malware Breakdown](https://malwarebreakdown.com/)
* [Malware-Traffic-Analysis](http://malware-traffic-analysis.net/)
* [Journey Into Incident Response](http://journeyintoir.blogspot.com/)
* [Analyzing Malicious Documents Cheat Sheet](https://zeltser.com/analyzing-malicious-documents/)

## Malware Samples <a href="#ebe8" id="ebe8"></a>

* [MalShare](https://malshare.com/)
* [Malware Traffic Analysis](http://www.malware-traffic-analysis.net/)
* [Virusign](http://www.virusign.com/)
* [theZoo](https://thezoo.morirt.com/)
* [VX Vault](http://vxvault.net/ViriList.php)
* [CyberCrime](http://cybercrime-tracker.net/)
