A list of analysis tools designed to log the activities of a process, log its network traffic, access to the registry etc. Mobile malware analysis tools are included together with useful sandboxing software for dynamic analysis.
- SysAnalyzer setup (old) – SysAnalyzer GitHub repo (updated)
SysAnalyzer is an automated malcode runtime analysis application that monitors various aspects of system and process states. SysAnalyzer was designed to enable analysts to quickly build a comprehensive report on the actions a binary takes on a system.
- Regshot 1.9.0
Regshot is an open-source (GPL) registry compare utility that allows you to quickly take a snapshot of your registry and then compare it with a second one, taken after making system changes or installing a new software product.
- Wireshark
Wireshark is a network packet analyzer. A network packet analyzer captures network packets and tries to display the packet data in as much detail as possible.
- Robtex Online Service
An online analysis tool for IPs, domains and network structure.
- VirusTotal
VirusTotal is a service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines.
- Mobile-Sandbox.com
Mobile-Sandbox.com provides static and dynamic malware analysis for Android OS smartphones.
- Volatility Framework
Volatility Framework is a completely open collection of tools for the extraction of digital artifacts from volatile memory (RAM) samples.
Mobile Malware Analysis Tools
A tool for reverse engineering third-party, closed, binary Android apps. It can decode resources to nearly their original form and rebuild them after modifications; it also makes it possible to debug smali code step by step.
Designed to read the Android Dalvik Executable (.dex/.odex) format. It reads dex instructions into the dex-ir format and can convert them to ASM format. It can also be used to perform some basic deobfuscation.
- smali/baksmali
smali/baksmali is an assembler/disassembler for the dex format used by Dalvik, Android's Java VM implementation.
- PeePDF
PeePDF is a Python tool to explore PDF files in order to find out whether a file can be harmful or not.
- Cuckoo Sandbox
Cuckoo Sandbox is open-source software for automating the analysis of suspicious files.
- DroidBox
DroidBox is developed to offer dynamic analysis of Android applications.
- Malwasm
Malwasm is a tool based on Cuckoo Sandbox designed to help perform step-by-step analysis, log all malware activities and store them in a web-accessible database.