Resources

Malware Detonation sandboxes

The following are a few malware detonation sandboxes that I have used and have found valuable:

Malware Samples

The following are some locations where you can grab samples of malware for analysis.

General Live Malware

Network Packet Samples

Lists of malicious URLs hosting malware

Automated malware unpacking

| Name | Link |
| --- | --- |
| OpenAnalysis UNPACME | https://www.unpac.me/#/ |

Malware Techniques examples

A few GitHub repos I found that contain examples of anti-analysis techniques (anti-debug, anti-VM, anti-analysis, etc.). These can be useful to compile and load into a disassembler so you know what each technique looks like when you run into it. They also help show the kinds of techniques malware may use to make reverse engineering more difficult for the analyst.

| Name | Link |
| --- | --- |
| alichtman: malware-techniques | https://github.com/alichtman/malware-techniques |
| LordNoteworthy: al-khaser | https://github.com/LordNoteworthy/al-khaser |
| Ultimate Anti-Reversing Reference | The_Ultimate_Anti-Reversing_Reference.pdf |

Malware Analysis Platforms

These are images, VMs, or scripts that build out a VM suitable for reverse engineering or otherwise analyzing malware. Granted, you can build your own (I did for a long time), but being able to automate the creation of an environment in minimal time has proven to be more valuable.

Reverse Engineering Disassemblers

While there are tons of disassemblers and decompilers out there, the following seem to be the standard ones that come up in conversation over and over and that you should be aware of.

Emulators

There are several tools and frameworks that emulate the CPU and walk through a binary in an attempt to capture what the instructions are trying to do, which API calls it makes, and so on. They can be hit or miss and often give only a partial view of what is happening. The information you do get, however, may be critical and substantial.

Other Tools

Additional tools that add or augment analysis.

| Name | Link |
| --- | --- |
| BinDiff (for use with IDA Pro) | https://zynamics.com/software.html |
| BinDiff Quick Walkthrough | https://www.youtube.com/watch?v=BLBjcZe-C3I |