Malware Analysis
Malware¶
A curated list of awesome malware analysis tools and resources.
Obfuscated String Solver - Automatically extract obfuscated strings from malware
Malware Samples¶
Database of Malware with Family Information
Malware samples from a Honeypot
A repository of LIVE malwares for your own joy and pleasure
Malware Articles¶
malpedia for finding articles about a specific family
Deep Panda C2C Malware Breakdown
Packers¶
UPX is a free, portable, extendable, high-performance executable packer for several executable formats.
Creating Your Very Own x64 PE Packer/Protector from Scratch using C++
Dynamic Analysis¶
Python scriptable Reverse Engineering Sandbox, a Virtual Machine instrumentation and inspection framework based on QEMU
Simulate fake processes of analysis, sandbox and VM software that some malware will try to avoid.
Spin up an AWS REnux instance for Reverse-Engineering and Analyzing Malware
REMnux: A Linux Toolkit for Reverse-Engineering and Analyzing Malware
Sandbox to do traffic analysis of the Linux malwares
Cuckoo Sandbox is an automated dynamic malware analysis system
Windows-based security distribution for malware analysis, incident response, and penetration testing
CAPE is a malware sandbox.
Agile Malware Analysis - Joe Sandbox Desktop
Free Online Malware Reports:
Service for malware analysis
All-In-One Malware Analysis Platform
Triage Analise Information
Malware unpacker service
Android:
Android Malware Analysis Framework
VM Detection:
A PowerShell script that attempts to help malware analysts hide their Windows VirtualBox Windows VM's from malware that may be trying to evade analysis.
Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do
Malware Categorization¶
Malware Categorization through patern matching
Patern Matching log files for Malware
Malware DNA profiling search engine discovers malware patterns and characteristics
Identifies and extracts information from bots and other malware
Binary analysis and management framework
Generating Rules for Malware:
Rule generation for yara - find common strings in bad malware but remove strings that are in good programs
A Yara rule generator by AlienVault
Sysmon:
PowerShell version of Sysmon Tools
Splunk App to assist Sysmon Threat Hunting
SysMon wiki for logging
Sysmon Threat Intelligence Configuration
Malware Detection¶
Serverless, Real-Time & Retroactive Malware Detection
Find malicious phishing domains when they register for a SSL certificate
OSQuery for incident detection and response
Hunt for new malware using Yara.
Detect Malicious traffic
Malware scanner for Linux desktops and servers
Shows calls to domains from common malware document techniques