Malware Static Analysis
Content Leader: Jess Garcia - Last Updated: November 29, 2006
Analysis Tools
Common
- Virus Scan
  - Virus Total - Online tool that allows you to submit a binary and runs it through a number of Anti-Virus programs to determine if it is a well-known piece of malware.
- File Identification
  - file - Present in almost every UNIX distribution, the file utility allows you to identify what type of file you are dealing with and, in many cases (such as with binaries), some characteristics about it.
- String Search
  - strings - Extracts strings (ASCII / Unicode) from binary files.
- Pattern Search
  - Universal Pattern Searcher - Looks for common patterns in different datasets.
  - Worminator - Win32 tool for easing/automating the process of creating IDS/IPS signatures for SMTP-based worms, providing a comfortable GUI, including support for raw base64 variants and Snort signatures.
Linux Specific
- objdump - Extracts information from object files.
- readelf - Extracts information from ELF files.
Windows Specific