Extreme Hacking
Advanced Ethical Hacking Institute in Pune
Basic Malware Analysis Tools

In the upcoming 6 hacking tutorials we will be talking about basic malware analysis, and we will start by discussing the many different Basic Malware Analysis Tools which are available. A Malware Analyst is someone highly skilled in reverse engineering malware to get a deep understanding of what a certain piece of malware does and how it does it. To become a malware analyst it is important to have a good understanding of operating systems, software, networking, programming in general and assembly language. Assembly language is the low level programming code that sits between the high level programming code and the machine instructions. In other words: high level code is translated down to assembly, which maps directly onto the machine instructions that will be processed by your computer's hardware.

In this tutorial we will be looking at simple but popular tools for basic static malware analysis, such as: PEiD to detect packers, Dependency Walker to view dynamically linked functions, Resource Hacker to view the malware's resources, and PEview and FileAlyzer to examine the PE file headers and sections. These tools are used for basic static malware analysis to determine the kind of malware and its function without actually running the malware. After this we will be looking at the tools available for advanced static analysis and advanced dynamic malware analysis in the next article: Advanced Malware Analysis Tools. Note that we will be discussing the tools in general first and get into detail later. In the upcoming chapter we will be using them on sample malware in a detailed step-by-step hacking tutorial.

For now the Malware Analysis Tutorials will be divided into 6 subjects, which will be released over the upcoming few weeks:


  1. Basic Malware Analysis Tools
  2. Advanced Malware Analysis Tools
  3. Different kinds of Malware
  4. Basic Malware Analysis
  5. Advanced Static Malware Analysis
  6. Advanced Dynamic Malware Analysis

Basic Malware Analysis Tools

As promised we'll be looking at the following basic malware analysis tools: PEiD, Dependency Walker, Resource Hacker, PEview and FileAlyzer. For your convenience we will supply a download link for the tools as well so you can get your malware analysis toolbox ready for the upcoming tutorials. Be sure to subscribe to our newsletter as we will be updating this list and our toolbox along with the upcoming tutorials.

PEiD

Basic Malware Analysis Tools - PEiD

PEiD is a small application which is used to detect common packers, cryptors and compilers. Malware writers often attempt to pack or obfuscate their malware to make it harder to detect and to analyse. The current version of PEiD can detect over 470 different signatures in PE files, which are loaded from a text file called userdb.txt. The official PEiD website is not active anymore, but you can download PEiD-0.95-20081103 from Hacking Tutorials using the following download link: PEiD-0.95-20081103.zip

You need to replace the userdb.txt file with the following file to add the signatures: PEiD Userdb

Dependency Walker

Basic Malware Analysis Tools - Dependency Walker

Another great basic malware analysis tool is Dependency Walker. Dependency Walker is a free application which can be used to scan 32 and 64 bit Windows modules (.exe, .dll, .ocx, etc.) and is used to list all the imported and exported functions of a module. Dependency Walker also displays the dependencies of the file, which results in a minimum set of required files. Dependency Walker also displays detailed information about those files, including the file path, version number, machine type, debug information etc.

Dependency Walker can be downloaded here.

Resource Hacker

Basic Malware Analysis Tools - Resource Hacker

Resource Hacker, sometimes called ResHacker, is a free application used to extract resources from Windows binaries. Resource Hacker can extract, add and modify most resources like strings, images, menus, dialogs, VersionInfo, Manifest resources etc. The latest version of Resource Hacker, which is version 4.2.4, was released in July 2015.

Resource Hacker can be downloaded using the following link: Resource Hacker

PEview

Basic Malware Analysis Tools - PEview

PEview is a free and easy to use application to browse through the information stored in Portable Executable (PE) file headers and the different sections of the file. In the following tutorials we will be learning how to read those headers when we’re examining real malware.

PEview can be downloaded using the following link: PEview.

FileAlyzer

Basic Malware Analysis Tools - FileAlyzer

FileAlyzer is also a free tool to read information stored in PE file headers and sections, but it offers slightly more features and functionality than PEview. Nice features are the VirusTotal tab, which can be used to submit malware to VirusTotal for analysis, and the functionality to unpack UPX and PECompact packed files. And yes, FileAlyzer is a typo, but the developer decided to stick with the name.

FileAlyzer can be downloaded using the following link: FileAlyzer.
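The section-table walk that PEview and FileAlyzer display, combined with the kind of packer heuristics PEiD automates with its signature database, as an added Python example (this is not code from Hacking Tutorials or from any of these tools). The minimal PE image, the packer section-name list and the 7.0 entropy threshold are constructed for illustration; PEiD's real userdb.txt matches byte signatures at the entry point, which this example does not reproduce:

```python
import math
import struct

PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", "pec1", "pec2", "PEC2"}  # illustrative; UPX and PECompact, not PEiD's userdb

def shannon_entropy(data: bytes) -> float:  # bits per byte; near 8.0 means compressed or encrypted content
    probs = [data.count(bytes([b])) / len(data) for b in range(256)] if data else []
    return -sum(p * math.log2(p) for p in probs if p)

def parse_sections(pe: bytes) -> list:
    """DOS header -> PE signature -> COFF file header -> section table (the view PEview gives you)."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)  # Machine, NumberOfSections, ..., SizeOfOptionalHeader, Characteristics
    table = e_lfanew + 24 + coff[5]                          # section table starts right after the optional header
    out = []
    for i in range(coff[1]):
        name, vsize, _va, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        raw = pe[rawptr:rawptr + rawsize]
        out.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "virtual_size": vsize,
                    "raw_size": rawsize, "entropy": round(shannon_entropy(raw), 2)})
    return out

def packer_indicators(sections: list) -> list:  # static triage checks done before the sample is ever run
    hits = []
    for s in sections:
        if s["name"] in PACKER_SECTION_NAMES:
            hits.append(f"{s['name']}: section name used by a known packer")
        if s["entropy"] > 7.0:
            hits.append(f"{s['name']}: entropy {s['entropy']} looks compressed or encrypted")
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            hits.append(f"{s['name']}: empty on disk but {s['virtual_size']:#x} bytes reserved in memory")
    return hits

def build_sample_pe(sections: list) -> bytes:  # constructed minimal image: DOS stub, PE sig, COFF header, section table, data
    data_start = 0x40 + 24 + 40 * len(sections)             # optional header is omitted (SizeOfOptionalHeader = 0)
    headers, blobs = [], b""
    for name, raw, vsize in sections:
        headers.append(struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, 0x1000, len(raw),
                                   data_start + len(blobs), 0, 0, 0, 0, 0x60000020))
        blobs += raw
    return (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0"
            + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102) + b"".join(headers) + blobs)

# Constructed UPX-style layout: UPX0 is empty on disk, UPX1 carries the packed payload, .text is plain code.
SAMPLE_PE = build_sample_pe([(b"UPX0", b"", 0x8000), (b"UPX1", bytes(range(256)) * 2, 0x400),
                             (b".text", b"\x90" * 200 + b"\xc3", 0x100)])
```

Running `packer_indicators(parse_sections(SAMPLE_PE))` reports the two UPX sections for their names, the zero-size UPX0 section and the 8.0-bit entropy of UPX1, while the plain .text section produces no hit.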

More Basic Malware Analysis Tools

Needless to say, this is just a very small portion of the Basic Malware Analysis Tools available. In the upcoming few days we will be adding more tools for you to download and explore, so be sure to subscribe to Hacking Tutorials to stay informed about updates. If you have any questions regarding the tools we encourage you to ask them here. Also let us know if you have suggestions for other tools.

www.extremehacking.org