Anonymity Malware Analysis Tools.



Malware Analysis Tools. - interactive online sandbox. - online sandbox.
AVCaesar - online scanner and repository of malware programs.
BoomBox - automated deployment of a lab for analyzing malware with Cuckoo Sandbox using Packer and Vagrant.
AndroTotal - free online APK analysis for compatibility with multiple mobile antivirus applications.
Cuckoo Sandbox - standalone open-source sandbox and automated analysis system.
cuckoo-modified - modified version of Cuckoo Sandbox released under the GPL license.
cuckoo-modified-api - Python API used to manage the modified cuckoo sandbox.
Cryptam - Analysis of suspicious office documents.
DeepViz - multi-format file analyzer with machine learning-based classification.
detux - sandbox developed for analyzing Linux malware traffic and capturing IOCs.
DRAKVUF - Dynamic malware analysis system. - Unpacks, scans, and analyzes almost any firmware version.
HaboMalHunter - Automatic malware analysis tool for ELF Linux files.
Hybrid Analysis - online tool for analyzing malware based on VxSandbox (with API).
Intezer - Detection, analysis, and classification of malware by identifying code reuse and code similarities.
IRMA - Asynchronous and customizable platform for analyzing suspicious files.
Joe Sandbox - Deep malware analysis with Joe Sandbox.
Jotti - Free multi-AV online scanner.
Limon - Sandbox for analyzing Linux malware.
Malheur - Automatic isolated analysis of malware behavior. - Scalable framework for malware analysis.
malsub - Python RESTful API framework for online malware and URL analysis services.
Malware config - Extract, decrypt and display configuration parameters of common malware online. - Static online malware anomaly analyzer with heuristic detection mechanism based on machine learning.
Malwr - Free analysis with an online Cuckoo Sandbox instance.
MetaDefender Cloud - Free scanning of files, hashes, IP addresses, URLs or domain addresses for malware.
NetworkTotal - Service that analyzes pcap files and aids in rapid detection of viruses, worms, trojans and all types of malware using Suricata configured with EmergingThreats Pro.
Noriben - Uses Sysinternals Procmon to collect information on malware in an isolated environment.
PacketTotal - Online engine for analyzing .pcap files and visualizing network traffic within them.
ProcDot - Set of graphical tools for analyzing malware.
Recomposer - Auxiliary script for safely uploading binary files to sandbox sites.
sandboxapi - Python library for creating integrations with multiple open-source and commercial sandbox environments.
SEE - Sandboxed Execution Environment (SEE) is a platform for building automated testing in secure environments.
VirusTotal - Free online analysis of malware samples and URLs.
Visualize_Logs - Open-source visualization library and command-line tools for logs (Cuckoo, Procmon, etc.).
Zeltser's List - Free automated sandboxes and services compiled by Lenny Zeltser.
SEKOIA Dropper Analysis - Online dropper analysis (Js, VBScript, Microsoft Office, PDF).
InQuest Deep File Inspection - Upload common malware for deep file inspection and heuristic analysis.
PDF Tools - pdfid, pdf-parser, and more from Didier Stevens.
PDF X-Ray Lite - Tool for analyzing PDFs, free version of PDF X-RAY.
peepdf - Python tool for studying potentially malicious PDF files (parsing objects and streams, decoding, decompression, etc.).
AnalyzePDF - Tool for analyzing PDF files and attempting to determine if they are malicious. - Similar to peepdf utility, for analyzing pdf, involved in WriteUp.
malpdfobj - Map malicious PDF files to JSON representation.
Origami PDF - Tool for analyzing malicious PDF files and more.
PDF Examiner - Analysis of suspicious PDF files.
olevba - Script for parsing OLE and OpenXML documents and extracting useful information.
OfficeMalScanner - Scans for malicious traces in MS Office documents.
box-js - Tool for studying malicious JavaScript programs with JScript/WScript support and ActiveX emulation.
JS Beautifier - Unpacking and deobfuscation of JavaScript.
Spidermonkey - Mozilla's JavaScript engine for debugging malicious JS.
diStorm - Disassembler for analyzing malicious shellcode.
libemu - Library and tools for x86 shellcode emulation.
FakeNet-NG - Next-generation dynamic network analysis tool.
INetSim - Emulation of network services useful in setting up a malware lab.
ApateDNS - Spoofs DNS responses for IP addresses related to a specific user to track malicious software requests.
Fiddler - Web debugging proxy.
Bro - Protocol analyzer working at incredible scales; for both file and network protocols.
BroYara - Use Bro's Yara rules.
Chopshop - Structure analysis and protocol decoding.
CloudShark - Web tool for packet analysis and detecting malicious traffic.
Hale - Botnet C&C monitor.
HTTPReplay - Library for parsing and reading PCAP files, including TLS sessions using TLS keys (used in Cuckoo Sandbox).
Malcolm - Powerful, easily deployable set of network traffic analysis tools to obtain artifacts (PCAP files) and Zeek logs.
mitmproxy - Allows capturing network traffic "on the fly."
NetworkMiner - Network forensic analysis tool with a free version (widely used in DFIR).
ngrep - Network traffic search, analog to grep in Linux.
Tcpdump - Network traffic collection.
tcpxtract - File extraction from network traffic.
Wireshark - Network traffic analysis tool.
PEBear - Excellent, free tool for analyzing PE 32/64 files, obtaining handles.
jstrosch/malware-samples - malware samples on GitHub, including memory dumps.
ytisf/theZoo - malware zoo on GitHub for researchers and enthusiasts.
MalwareBazaar - primary source for obtaining interesting and fresh malware samples.
volatility/wiki/Memory-Samples - memory dumps infected with malware, for practicing memory analysis skills.
Dump-GUY/Malware-analysis-and-Reverse-engineering - samples, IDA Pro databases for malware analysis.
"Revelation Will Show" - a fairly recent book with practical exercises at the end of each chapter.
"Rootkit Arsenal" - Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System.
"Rootkits and Bootkits: Modern Reverse Engineering of Malware and Next-Generation Threats."
"Practical Malware Analysis" - Practical Malware Analysis: Learn the concepts, tools and techniques for analyzing and investigating malware for Windows.
"IDA Pro Book" - The unofficial guide to the world's most popular disassembler.
"Mastering Malware Analysis" - Mastering Malware Analysis: A comprehensive guide for malware analysts on combating malware, APT attacks, cyber attacks and IoT.