Extreme Hacking | Sadik Shaikh
Ethical Hacking Institute Course in Pune-India
In the upcoming posts we will be talking about basic malware analysis and we will start with discussing the many different Basic Malware Analysis Tools which are available. A Malware Analyst is someone highly skilled in reverse engineering malware to get a deep understanding about what a certain piece of malware does and how it does it. To become a malware analyst it is important to have a good understanding of operating systems, software, networking, programming in general, malware in general and assembly language. Assembly language is the low level programming code between the high level programming code and the machine instructions. In other words: it translates the high level language into machine instructions which will be processed by your computers hardware.
In this tutorial we will be looking at simple but popular tools for basic static malware analysis like: PEiD to detect packers, Dependency Walker to view dynamically linked functions, Resource Hacker to view the malware’s resources and PEview and FileAlyzer to examine the PE file headers and sections. These tools are used for basic static malware analysis to try to determine the kind of malware and it’s function without actually running the malware. Running and analysing the malware will be covered in laters tutorials. After this we will be looking at the malware analysis advanced tools available for advanced static analysis and advanced dynamic malware analysis in the next article: Dynamic Malware Analysis Tools. Note that we will be discussing the tools in general first and get into detailed tutorials later. In the upcoming tutorials we will be using them on sample malware in detailed step-by-step hacking tutorials.
As promised we’ll be looking at the following basic malware analysis tool: PEiD, Dependency Walker, Resource Hacker, PEview and FileAlyzer. For your convenience we will supply a download link for the tools as well so you can get your malware analysis toolbox ready for the upcoming tutorials. Be sure to subscribe to our newsletter as we will be updating this list and our toolbox along the upcoming tutorials.
PEiD
PEiD is a small application which is used to detect common packers, cryptors and compilers. Malware writers often attempt to pack or obfuscate their malware to make it harder to detect and to analyse. The current version of PEiD can detect over 470 different signatures in PE files which are loaded from a txt file called userdb. The official PEiD website is not active anymore but you can download PEiD-0.95-20081103 from Hacking Tutorials using the following download link: PEiD-0.95-20081103.zip (222 downloads)
You need to replace the userdb.txt file with the following file to add the signatures; PEiD Userdb (236 downloads)
Dependency Walker
Another great basic malware analysis tool is Dependency Walker. Dependency Walter is a free application which can be used to scan 32 and 64 bit Windows modules (.exe, .dll, .ocx, etc.) and is used to list all the imported and exported functions of a module. Dependency Walker also displays the dependencies of the file which will result in a minimum set of required files. Depency Walker also displays detailed information about those files including the filepath, version number, machine type, debug information etc.
Dependency Walker can be downloaded here.
Resource Hacker
Resource Hacker, or sometimes called ResHackers, is a free application used to extract resources from Windows binaries. Resource Hacker can extract, add and modify most resources like strings, images, menus, dialogs, VersionInfo, Manifest resources etc. The latest version of Resource Hacker, which is version 4.2.4, was release in July 2015.
Resource Hacker can be downloaded using the following link: Resource Hacker
PEview
PEview is a free and easy to use application to browse through the information stored in Portable Executable (PE) file headers and the different sections of the file. In the following tutorials we will be learning how to read those headers when we’re examining real malware.
PEview can be downloaded using the following link: PEview.
FileAlyzer
FileAlyzer is also a free tool to read information stored in PE file headers and sections but offers slightly more features and functionality than PEview. Nice features are the VirusTotal tab which can be used to submit malware to VirusTotal for analysis and the functionality to unpack UPX and PECompact packed files. And yes, Filealyzer is a typo but the developer decided to stick with the name which is kinda cool in our opinion.
FileAlyzer can be downloaded using the following link: FileAlyzer.
www.extremehacking.org
CEHv9 CHFI ECSAv9 CAST ENSA CCNA CCNA SECURITY MCITP RHCE CHECKPOINT ASA FIREWALL VMWARE CLOUD ANDROID IPHONE NETWORKING HARDWARE TRAINING INSTITUTE IN PUNE,Certified Ethical Hacking, Center For Advanced Security Training in India, ceh v9 course in Pune-India,ceh certification in pune-India, ceh v9 training in Pune-India,Ethical Hacking Course in Pune-India