Posts Tagged ‘Malware Research’

VT image

New release YARA 3.0

Over this week a new version of Yara have been released. YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a rule, [...]

Share

McAfee FileInsight 2.1

FileInsight McAfee – free HEX- editor for Windows. Includes all the standard features HEX- editor . It has convenient interface for editing files in hex ​​and text. Able to read the structure of exe- files and organize them by entry , section , import table with a list of imported functions and displays it in [...]

Share

Process Hacker 2.32 – Utility to manage Windows process and services

Process hacker is one of the leading tool for manipulating processes and services, this is important for monitoring the changes when you are investigating a malicious code. you will need this tool in your sandbox to identify any new process created during executing the malicious code. Utility provides detailed debugging information for the selected process, [...]

Share

PE-bear Portable Executable reversing tool

PE-bear is a project that can be used for reversing malwares, the tool provides a very useful interface to compare two portable executable files and see the difference. Some of the features are: views multiple files in parallel recognizes known packers (by signatures) fast disassembler – starting from any chosen RVA/File offset visualization of sections [...]

Share

Beware of the Disassembled Malware Emails

Security software company Symantec is alerting of a new malware that is using a disassembled malicious file to evade antimalware protection. Cybercriminals have created a hidden .dat files attached to the email with a shortcut used to reassemble the malware. When the victim click on the shortcut the computer will start by assembling the .dat [...]

Share

pev PE analysis toolkit

Reversing PE executable files require a special tools because the payload that may contain the malware in PE files is packed inside another executable file that can be a legitimate. This makes a standard static analyses tool wont be able to analyze the payload. the same to antiviruses some packed executable files may evade the [...]

Share
cuckoo

Cuckoo Sandbox- Automated Malware Analysis Framework

Cuckoo Sandbox is an open source tool that can be used to reverse malwares , exploits, documents and links. the program is written in Python and running in a virtual environment VirtualBox. the application starts by creating a clean snapshot of the system Next it will allow to monitor , record and investigate changes in [...]

Share