Malware Analysis Tools

A list of analysis tools designed to log the activities of a process, log its network traffic, access to the registry etc. Mobile malware analysis tools are included together with useful sandboxing software for dynamic analysis.

  • SysAnalyzer setup (old) / SysAnalyzer GitHub repo (updated)
    SysAnalyzer is an automated malcode run-time analysis application that monitors various aspects of system and process state. SysAnalyzer was designed to enable analysts to quickly build a comprehensive report on the actions a binary takes on a system.
  • Regshot 1.9.0
    Regshot is an open-source (GPL) registry comparison utility that allows you to quickly take a snapshot of your registry and then compare it with a second one taken after making system changes or installing a new software product.
  • Wireshark
    Wireshark is a network packet analyzer. A network packet analyzer captures network packets and tries to display the packet data in as much detail as possible.
  • Robtex Online Service
    An online analysis tool for IPs, domains and network structure.
  • VirusTotal
    VirusTotal is a service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all other kinds of malware detected by antivirus engines.
  • Mobile-Sandbox
    Mobile-Sandbox.com provides static and dynamic malware analysis for Android OS smartphones.
  • Malzilla
    MalZilla is a useful program for exploring malicious pages. It allows you to choose your own user agent and referrer, and has the ability to use proxies. It shows you the full source of web pages and all the HTTP headers. It also gives you various decoders to try to deobfuscate JavaScript.
  • Volatility
    Volatility Framework is a completely open collection of tools for the extraction of digital artifacts from volatile memory (RAM) samples.

Mobile Malware Analysis Tools

  • APKTool
    A tool for reverse engineering third-party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it also makes it possible to debug smali code step by step.
  • Dex2Jar
    Designed to read the Android Dalvik Executable (.dex/.odex) format. It reads dex instructions into the dex-ir format and can convert them to ASM format. It can also be used to perform some basic deobfuscation.
  • Smali
    smali/baksmali is an assembler/disassembler for the dex format used by Dalvik, Android's Java VM implementation.

PDF Tools

  • PeePDF
    PeePDF is a Python tool to explore PDF files in order to find out whether the file can be harmful or not.

Sandboxes

  • Cuckoo Sandbox
    Cuckoo Sandbox is open-source software for automating the analysis of suspicious files.
  • DroidBox
    DroidBox is developed to offer dynamic analysis of Android applications.
  • Malwasm
    Malwasm is a tool based on Cuckoo Sandbox designed to help perform step-by-step analysis, log all malware activities and store them in a web-accessible database.