I decided to go ahead and cover the tools I typically use for analyzing malware because although I’ve found lists elsewhere, I’ve found no real big collection with explanation and/or any type of discussion of these tools. It’s generally more like “here’s a big list of 100 malware tools, have fun!” like they typically have on those giant compound lists on Github. If that’s all you’re looking for, well, you got it. However, I wanted to add some more value by actually describing some typical usages and workflow with the tools, as well as provide some screenshots to show exactly what these tools are used for and how I use them. This is a continuously updated page and it is never finished!

Before starting, I want to emphasize that I currently engage in Windows malware analysis. What this means is that most of the tools are used for analyzing Windows files. This doesn’t mean that I won’t introduce Linux tools. Static analysis of Windows files can actually be done in a Linux environment and in some cases, the tools are more powerful from Linux, and analyzing Windows execs on Linux is also the safest option if you’re worried about accidentally running the malware for some reason.

It’s important to understand how I will be presenting the tools. What I’m going to do is present them in order of usefulness/how frequently I use the tool in each subcategory. It’s important to note that this does not mean one is “better” than the other. There is no “best” here, however, there is “more frequently used for analyzing malware samples all day.” I’m also aiming to introduce an assortment of tools here rather than introducing 5 tools which all serve the same or very similar purposes.

Last but not least, I cannot possibly explain every feature of all of these programs so instead, I’m going to explain how I use each program. This means, if a program has 1,000 features, but in my daily analysis, I only use 5 of them, I’m only going to cover those 5 because I’m not going to explain features I’ve never used. However, you will still find the information useful because the features that I use are most likely the most beneficial features of the tools for malware analysis.

To be frank, many of these programs, especially the Portable Executable analysis tools, have overlapping/redundant features.

PE Studio will attempt to detect this and does a pretty good job in my experience; it will change the text color of a suspicious section to red.

This is very similar to the function imports, except it gives you a list of the files where the imports are being called from.

If you have any tools you’d like to suggest, links, or any other comments, feel free to leave them below.