# Windows Malware Analysis Tools

## Static Analysis

- 010 Editor – Advanced hex viewer and editor.
- Strings (Sysinternals Suite) – Extracts ASCII and Unicode strings from a file.
- HashMyFiles – Calculates MD5/SHA1/CRC32 hashes of your files.
- DiE (Detect it Easy) – Packer and compiler identifier (recommended).
- PeStudio – Advanced PE viewer and more (recommended).
- OfficeMalScanner – Scans Office files for malicious macros, embedded OLE objects and shellcode.
- PDFiD – Scans a PDF for suspicious keywords (/JS, /OpenAction, /Launch, ...) without fully parsing it.
- PDFStreamDumper – Dumps and inspects PDF object streams, including embedded JavaScript.
- Malwoverview.py – Incident response tool for an initial, quick triage of a directory of malware samples, and more.
- YARA – The pattern-matching Swiss Army knife for malware researchers.

## Dynamic Analysis

- Process Explorer (ProcExp, Sysinternals Suite) – Advanced Task Manager.
- Process Monitor (ProcMon, Sysinternals Suite) – Monitors system events (file system, registry, network, process/thread activity).
- API Monitor – Monitors Windows API function calls.
- APIMiner – Logs the Windows API calls made by an executed program.
- Pinitor – An API monitor based on instrumentation.
- PE-Sieve – Scans running processes for malicious implants (replaced/injected PEs, shellcode, hooks, in-memory patches).
- TCPView (Sysinternals Suite) – Displays TCP/UDP network connections.
- Fiddler – Free web debugging proxy for any browser, system or platform.
- FakeNet-NG – Emulates services/open ports for malware behaviour analysis.
- INetSim – Emulates common Internet services for malware behaviour analysis.
- Wireshark – Network sniffer and protocol analyzer.
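As an added example (not code from any of the tools listed above), the following Python script reproduces the core of the static-analysis steps using only the standard library: hashing as HashMyFiles does, ASCII/UTF-16LE string extraction as Sysinternals Strings does, PDFiD-style keyword counting with `#xx` hex-escape normalisation (so `/J#53` is still counted as `/JS`), and the MZ/PE header walk plus UPX section-name check that a packer identifier such as DiE starts from. The two samples (`SAMPLE_PDF`, `SAMPLE_PE`) and the `PDF_KEYWORDS` subset are constructed here for the demonstration and are not real malware.

```python
"""Static triage helpers in the spirit of HashMyFiles, Strings, DiE and PDFiD.

Added example, not code from any of the listed tools. The two samples below
are constructed inline for the demonstration; they are not real malware.
"""
import hashlib
import re
import zlib

# Constructed sample: a tiny PDF whose catalog auto-runs JavaScript on open,
# the combination PDFiD flags via the /OpenAction and /JS keywords.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
    b"2 0 obj << /S /JavaScript /JS (app.alert('x')) >> endobj\n"
    b"%%EOF\n"
)

# Constructed sample: the first bytes of a PE image. e_lfanew (offset 0x3C)
# points at 0x80, where the PE signature sits, followed by a UPX section name
# and a URL, the kind of artifacts DiE and Strings surface.
SAMPLE_PE = (
    b"MZ" + b"\x90" * 58 + (0x80).to_bytes(4, "little")
    + b"\x00" * 64
    + b"PE\x00\x00"
    + b"UPX0\x00\x00\x00\x00"
    + b"http://example.invalid/payload.bin\x00"
)

# PDF name objects worth counting during triage (a subset of PDFiD's list).
PDF_KEYWORDS = (b"/JS", b"/JavaScript", b"/OpenAction", b"/AA", b"/Launch",
                b"/EmbeddedFile", b"/ObjStm", b"/URI", b"/RichMedia")


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/CRC32 as HashMyFiles reports them, plus SHA256 for lookups."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
    }


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Printable ASCII and UTF-16LE runs, like Sysinternals Strings."""
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    return ([r.decode("ascii") for r in ascii_runs]
            + [r.decode("utf-16-le") for r in wide_runs])


def pdf_keywords(data: bytes) -> dict:
    """Count suspicious PDF names. Names may be obfuscated with hex escapes
    (/J#53 for /JS), so each name is normalised before matching, as PDFiD does."""
    counts = {k.decode(): 0 for k in PDF_KEYWORDS}
    for raw in re.findall(rb"/([^\s()<>\[\]{}/%]+)", data):
        name = b"/" + re.sub(rb"#([0-9A-Fa-f]{2})",
                             lambda m: bytes([int(m.group(1), 16)]), raw)
        if name in PDF_KEYWORDS:
            counts[name.decode()] += 1
    return counts


def pe_indicators(data: bytes) -> dict:
    """Validate the MZ/PE headers and look for UPX section names."""
    info = {"is_pe": False, "packer_hint": None}
    if len(data) < 0x40 or data[:2] != b"MZ":
        return info
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    info["is_pe"] = data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"
    if any(tag in data for tag in (b"UPX0", b"UPX1", b"UPX!")):
        info["packer_hint"] = "UPX"
    return info


def triage(data: bytes) -> dict:
    """One-shot static triage record: hashes, strings and type-specific checks."""
    report = {"hashes": file_hashes(data), "strings": extract_strings(data)}
    if data.lstrip().startswith(b"%PDF"):
        report["type"] = "pdf"
        report["pdf_keywords"] = pdf_keywords(data)
    elif data.startswith(b"MZ"):
        report["type"] = "pe"
        report.update(pe_indicators(data))
    else:
        report["type"] = "unknown"
    return report


if __name__ == "__main__":
    for label, blob in (("pdf", SAMPLE_PDF), ("pe", SAMPLE_PE)):
        print(label, triage(blob))
```

Run it on a real sample by reading the file in binary mode and passing the bytes to `triage()`. The keyword counts are triage hints, not verdicts: a single `/OpenAction` plus `/JS` is common in benign forms too, and a packer hint only tells you the sample needs unpacking before the strings and imports mean anything, which is where the dynamic tools above take over.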