/Malware_Analysize-Tools

Here are some tools I developed to help analyze malware


Donate

XMR:44noxuc1pN3KXq5wXJ6psDGm5KazAqXYPBD2cU9E92xdLng8zZdqXuQH4WLqGLqFxUZs4Rcykh56k7T7Zb5tNGKeKg9iRiD

Malware

Here are some tools I collected to help analyze malware

Debuggers, Disassemblers and API Loggers
IDA Pro (disassembler and decompiler) www.hex-rays.com/products/ida/
x64dbg https://x64dbg.com/#start
Immunity Debugger https://www.immunityinc.com/products/debugger/
APIMiner v1.0.0 API Logger for Windows Executables https://github.com/poona/APIMiner/releases
APIMonitor http://www.rohitab.com/apimonitor

File Type Identification and Static Triage
Trid (file type by signature) https://mark0.net/soft-trid-e.html
pestudio (PE triage) https://www.winitor.com/
PEView http://wjradburn.com/software/
YARA (rule-based pattern matching) https://virustotal.github.io/yara/
BinText (string extraction) http://b2b-download.mcafee.com/products/tools/foundstone/bintext303.zip
XorSearch (finds XOR/ROL-encoded strings) https://blog.didierstevens.com/programs/xorsearch/
Balbuzard (pattern search, including obfuscated data) https://github.com/decalage2/balbuzard
Detect It Easy https://github.com/horsicq/DIE-engine
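The two checks the tools above are most often run for first are "what is this file" (TrID, Detect It Easy) and "what strings are hiding behind a single-byte XOR" (XorSearch, Balbuzard). The script below is an added example written for this page, not code from any of those projects: it identifies a blob by magic bytes, walks e_lfanew to confirm a real PE signature rather than trusting "MZ" alone, and brute-forces all 256 single-byte XOR keys against a short needle list. The magic table, the needle list, the 0x5A key and the PE-shaped sample (including the c2.example URL) are all constructed for the demonstration.

```python
import struct
from typing import Dict, List, Tuple

# Magic-byte table, constructed for this example (a tiny subset of what TrID
# and Detect It Easy know). Longer magics come first so they win over "MZ".
MAGIC_SIGNATURES: List[Tuple[bytes, str]] = [
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound file (legacy Office)"),
    (b"Rar!\x1a\x07", "RAR archive"),
    (b"\x7fELF", "ELF executable"),
    (b"PK\x03\x04", "ZIP container (OOXML, JAR, APK, ...)"),
    (b"%PDF-", "PDF document"),
    (b"MZ", "MZ executable (DOS stub or PE)"),
    (b"\x1f\x8b", "gzip stream"),
]

# Strings worth finding even when the sample is XOR-encoded.
# Constructed list; XorSearch ships its own built-in set.
NEEDLES: List[bytes] = [
    b"This program cannot be run in DOS mode",
    b"kernel32.dll",
    b"http://",
]


def identify_file_type(data: bytes) -> str:
    """Return the first matching magic-byte description, or 'unknown'."""
    for magic, name in MAGIC_SIGNATURES:
        if data.startswith(magic):
            return name
    return "unknown"


def is_pe(data: bytes) -> bool:
    """'MZ' alone is not enough: follow e_lfanew (offset 0x3c) to the PE\\0\\0 signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3c)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR; applying it twice with the same key restores the input."""
    return bytes(b ^ key for b in data)


def xor_search(data: bytes, needles: List[bytes]) -> List[Tuple[int, bytes, int]]:
    """Brute-force all 256 single-byte keys and report (key, needle, offset) hits.
    Key 0 is included so plaintext hits are reported as well."""
    hits: List[Tuple[int, bytes, int]] = []
    for key in range(256):
        decoded = xor_bytes(data, key)
        for needle in needles:
            offset = decoded.find(needle)
            if offset != -1:
                hits.append((key, needle, offset))
    return hits


def triage(data: bytes) -> Dict[str, object]:
    """Identify the blob as-is, then look for strings hidden behind single-byte XOR."""
    hits = xor_search(data, NEEDLES)
    return {
        "file_type": identify_file_type(data),
        "is_pe": is_pe(data),
        "xor_hits": hits,
        "candidate_keys": sorted({key for key, _, _ in hits}),
    }


def build_sample() -> bytes:
    """Constructed, non-loadable PE-shaped blob used as the worked input."""
    header = bytearray(b"MZ" + b"\x00" * 0x3a)   # DOS header up to e_lfanew (0x3c bytes)
    header += struct.pack("<I", 0x40)             # e_lfanew -> 0x40
    header += b"PE\x00\x00"                       # NT signature at 0x40
    body = (
        b"\x00" * 16
        + b"This program cannot be run in DOS mode.\r\n"
        + b"kernel32.dll\x00"
        + b"http://c2.example/gate.php\x00"        # constructed URL, not a real C2
    )
    return bytes(header + body)


PLAIN_SAMPLE = build_sample()
ENCODED_SAMPLE = xor_bytes(PLAIN_SAMPLE, 0x5A)   # what an analyst would receive


if __name__ == "__main__":
    report = triage(ENCODED_SAMPLE)
    print("raw file type :", report["file_type"])
    print("candidate keys:", [hex(k) for k in report["candidate_keys"]])
    for key, needle, offset in report["xor_hits"]:
        print(f"  key=0x{key:02x} offset=0x{offset:04x} {needle!r}")
    if report["candidate_keys"]:
        decoded = xor_bytes(ENCODED_SAMPLE, report["candidate_keys"][0])
        print("after decoding:", identify_file_type(decoded), "| PE signature:", is_pe(decoded))
```

The encoded blob identifies as "unknown" and fails the PE check; the XOR search recovers key 0x5A from all three needles, and decoding with that key yields an MZ file whose e_lfanew points at a valid PE signature. Real samples also use multi-byte keys, ROL/ROT and ADD encodings, which XorSearch and Balbuzard cover and this example deliberately does not.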

Process Analysis Tools
Process Hacker https://processhacker.sourceforge.io/
Process Explorer, procmon, autoruns, Strings (Sysinternals) https://docs.microsoft.com/en-us/sysinternals/downloads/processexplorer
CurrProcess www.nirsoft.net/utils/cprocess.html
procdot https://www.procdot.com/

Network Analysis Tools
FakeNet https://sourceforge.net/projects/fakenet/
Wireshark www.wireshark.org
Microsoft Network Monitor www.microsoft.com/en-in/download/details.aspx?id=4865
Fiddler www.telerik.com/download/fiddler/fiddler4
Bulk Extractor (carves pcap traffic, URLs and other artifacts out of disk and memory dumps) http://downloads.digitalcorpora.org/downloads/bulk_extractor/
FTK Imager Lite (disk and memory imaging; produces the dumps Bulk Extractor works on) https://accessdata.com

Driver and Rootkit Analysis
NoVirusThanks Ring3 API hook scanner www.novirusthanks.org/products/ring3-api-hook-scanner/
GMER Ring0 HOOK scanner www.gmer.net
SSDTView www.novirusthanks.org/products/ssdt-view/
DriverView www.nirsoft.net/utils/driverview.html
pyark https://github.com/antiwar3/py

Script Analysis
Malzilla (malicious JavaScript analysis) www.malzilla.org/downloads.html
SimpleWMIView www.nirsoft.net/utils/simple_wmi_view.html
Registry Viewer https://accessdata.com
SpiderMonkey https://spidermonkey.dev/

Document Analysis (Office and PDF)
Oledump.py (lists OLE streams, extracts VBA macros) https://blog.didierstevens.com/programs/oledump-py/
OleFileIO (Python OLE2 parser) www.decalage.info/python/olefileio
DocFileViewerEx www.docfileviewer.wedding-soft.com
pdf-parser.py (with pdfid.py from the same page) https://blog.didierstevens.com/programs/pdf-tools/
PDFStreamDumper https://github.com/dzzie/pdfstreamdumper
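The first pass over a suspect PDF with pdfid.py is a keyword count: /OpenAction, /JavaScript, /JS, /AA, /Launch and friends, together with obj/endobj balance and whether the %PDF- header really sits at offset 0. Two details matter in practice: PDF names may carry #xx hex escapes, so /Java#53cript is a legal spelling of /JavaScript that a naive grep misses, and readers still accept a header pushed some way into the file. The script below is an added example written for this page, not pdfid.py or pdf-parser.py; the keyword subset, the 1024-byte header window and the two embedded PDFs are constructed for the demonstration.

```python
import re
from typing import Dict, List

# Names that a pdfid-style triage reports; constructed subset for this example.
SUSPICIOUS_NAMES: List[bytes] = [
    b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
    b"/EmbeddedFile", b"/RichMedia", b"/XFA", b"/ObjStm",
]
# Names whose mere presence warrants a closer look.
ACTION_NAMES: List[bytes] = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch"]

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A name token ends at whitespace, a PDF delimiter, or end of data.
_NAME_END = rb"(?![^\x00\t\n\x0c\r /\[\]<>(){}%])"
_HEADER_WINDOW = 1024  # assumed: how far into the file a reader still accepts %PDF-


def normalise_names(data: bytes) -> bytes:
    """Resolve #xx escapes so /Java#53cript becomes /JavaScript before counting."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def count_tokens(data: bytes) -> Dict[str, int]:
    """Count suspicious names plus obj/endobj and stream/endstream pairs."""
    counts: Dict[str, int] = {}
    for name in SUSPICIOUS_NAMES:
        counts[name.decode()] = len(re.findall(re.escape(name) + _NAME_END, data))
    for word in (b"obj", b"endobj", b"stream", b"endstream"):
        # \b keeps "obj" from matching inside "endobj" and vice versa
        counts[word.decode()] = len(re.findall(rb"\b" + word + rb"\b", data))
    return counts


def triage_pdf(data: bytes) -> Dict[str, object]:
    """pdfid-style summary: header position, name obfuscation, keyword counts, verdict."""
    header_offset = data.find(b"%PDF-", 0, _HEADER_WINDOW + len(b"%PDF-"))
    escapes = len(_HEX_ESCAPE.findall(data))      # heuristic: '#' can also occur in binary streams
    counts = count_tokens(normalise_names(data))
    reasons: List[str] = []
    if header_offset != 0:
        reasons.append("header not at offset 0")
    if escapes:
        reasons.append(f"{escapes} hex-escaped name byte(s)")
    for name in ACTION_NAMES:
        if counts[name.decode()]:
            reasons.append(f"{name.decode()} x{counts[name.decode()]}")
    if counts["obj"] != counts["endobj"]:
        reasons.append("obj/endobj count mismatch")
    return {
        "header_offset": header_offset,
        "name_escapes": escapes,
        "counts": counts,
        "reasons": reasons,
        "suspicious": bool(reasons),
    }


# Constructed sample: OpenAction pointing at a JavaScript action whose /S name is hex-escaped.
PDF_SUSPECT = (
    b"%PDF-1.7\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
    b"3 0 obj\n<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] >>\nendobj\n"
    b"4 0 obj\n<< /S /Java#53cript /JS (app.alert('constructed sample')) >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)

# Constructed benign sample for comparison.
PDF_BENIGN = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)


if __name__ == "__main__":
    for label, blob in (("suspect", PDF_SUSPECT), ("benign", PDF_BENIGN)):
        report = triage_pdf(blob)
        print(f"{label}: suspicious={report['suspicious']} reasons={report['reasons']}")
        print("   counts:", {k: v for k, v in report["counts"].items() if v})
```

On the suspect sample the count for /JavaScript is 1 only because names were normalised first; counting on the raw bytes would report 0 and miss the action. The benign sample produces no reasons. This is triage, not parsing: once something is flagged, pdf-parser.py or PDFStreamDumper is the tool for pulling out and decoding the referenced objects and streams.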

Shellcode Analysis
libemu (dzzie's Visual Studio build) https://github.com/dzzie/VS_LIBEMU
scdbg http://sandsprite.com/blogs/index.php?uid=7&pid=152

IDA Plugins
hashdb-ida (resolves API hashes via OALabs HashDB) https://github.com/OALabs/hashdb-ida
IDAGolangHelper (recovers Go function names and types) https://github.com/sibears/IDAGolangHelper
findcrypt-yara (locates crypto constants with YARA rules) https://github.com/polymorf/findcrypt-yara

Go Reverse Engineering
gobfuscate (Go obfuscator; shows what obfuscated Go binaries look like) https://github.com/unixpickle/gobfuscate
go_parser (IDAPython script for Go binaries, py3 branch) https://github.com/0xjiayu/go_parser/tree/py3
golang_loader_assist (IDAPython script to recover Go function names) https://github.com/strazzere/golang_loader_assist/blob/master/golang_loader_assist.py

Python Reverse Engineering
pyinstxtractor (extracts PyInstaller bundles) https://github.com/extremecoders-re/pyinstxtractor
pycdc (Decompyle++: .pyc disassembler and decompiler) https://github.com/zrax/pycdc
uncompyle6 (.pyc decompiler) https://github.com/rocky/python-uncompyle6