opkcode.blogg.se

Pestudio github
Popular tools for reversing malware

Debuggers/disassemblers

IDA Pro
IDA is a multi-platform, multi-processor disassembler that translates machine-executable code into assembly, supporting both debugging and reverse engineering. IDA Pro is commercial software and was the most widely used disassembler worldwide until the NSA released Ghidra in 2019. IDA has a panoply of community-developed plugins; popular ones include the VT-IDA Plugin, BinDiff and BinCAT.

Ghidra
Ghidra is a software reverse engineering (SRE) framework created by the NSA. It provides a suite of tools that let analysts examine compiled code on Windows, macOS and Linux. It is open source, maintained by the NSA and the community on GitHub, and has many plugins, including VTGrep, Binwalk and Golang Renamer.

Radare2
Radare2 is a command-line debugger that runs on Windows and Linux. It is open source and can also be driven through a GUI front end known as iaito.

x64dbg
x64dbg is an open-source debugger for Windows built for reverse engineering. It offers a lot of features and comes with a comprehensive plugin system; more plugins are listed on the project's wiki page.

dotPeek
dotPeek is a standalone tool based on ReSharper's bundled decompiler. It decompiles .NET assemblies into equivalent C# or IL code and supports multiple formats, including libraries (.dll), executables (.exe) and Windows metadata files (.winmd).

Interactive Delphi Reconstructor (IDR)
IDR is a popular decompiler for Delphi code; it is itself written in Delphi and runs on 32-bit Windows. It is free to use and is mostly used to analyze banking malware written in Delphi.

PEstudio
PEstudio is a tool for malware initial assessment. It is very useful for a first-pass analysis and collects details and IoCs (indicators of compromise) from a binary file.

Detect It Easy (DIE)
DIE is used to analyze executable files: identify packers and protectors, search for strings, calculate the binary's entropy, etc. Apart from the Windows version, there are also versions for Linux and Mac OS.

PE-bear
PE-bear is a freeware reversing tool for PE files. Its objective was to deliver a fast and flexible "first view" tool for malware analysts, stable and capable of handling malformed PE files. It is a useful tool for analyzing binary internals.

CyberChef
CyberChef is a simple and intuitive web app for performing a panoply of "cyber" operations within a web browser. It is known as the Cyber Swiss Army Knife.

FLOSS
The FireEye Labs Obfuscated String Solver (FLOSS) uses advanced static analysis techniques to automatically deobfuscate strings from malware binaries.

Process Monitor
Process Monitor is an advanced monitoring tool for Windows developed by Microsoft. It shows real-time file system, Registry and process/thread activity.

Process Explorer
Process Explorer is an advanced task manager for Windows that lists the currently active processes, including the names of their owning accounts. It is developed and maintained by Microsoft.
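The static tools above (PEstudio, DIE, PE-bear) all perform the same "first view" steps: walk the PE headers, measure per-section entropy to spot packing, and pull printable strings; FLOSS adds the recovery of strings the malware obfuscated. The script below is an added example written for this page, not code from any of those projects. It builds a constructed two-section PE32 image in memory (the section contents, the API names, the http://example.invalid URL, the hidden command and the XOR key 0xA7 are all made up for the demo) and runs a minimal triage over it. The single-byte XOR brute force is only the simplest of the techniques FLOSS uses and is here to illustrate the idea; the parser also rejects section headers that point past the end of the file, the kind of malformation PE-bear is built to tolerate.

```python
import math
import struct
from collections import Counter

COFF_HDR = "<HHIIIHH"          # IMAGE_FILE_HEADER, 20 bytes
SECTION_HDR = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0..8.0. Packed or encrypted data usually scores above 7.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes):
    """DOS header -> e_lfanew -> PE signature -> COFF header -> section table.
    Returns [(name, virtual_address, raw_offset, raw_size, raw_bytes), ...]."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _ts, _symptr, _nsyms, opt_size, _flags = struct.unpack_from(COFF_HDR, pe, coff)
    table = coff + 20 + opt_size  # section headers follow the optional header
    sections = []
    for i in range(nsections):
        name, _vsize, vaddr, raw_size, raw_ptr, *_ = struct.unpack_from(SECTION_HDR, pe, table + 40 * i)
        raw = pe[raw_ptr:raw_ptr + raw_size]
        if len(raw) != raw_size:  # malformed PE guard: header points outside the file
            raise ValueError(f"section {name!r} raw data runs past end of file")
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, raw_ptr, raw_size, raw))
    return sections


def ascii_strings(data: bytes, min_len: int = 5):
    """Plain 'strings': runs of printable ASCII at least min_len bytes long."""
    out, run = [], bytearray()
    for b in data:
        if 0x20 <= b < 0x7F:
            run.append(b)
            continue
        if len(run) >= min_len:
            out.append(run.decode("ascii"))
        run = bytearray()
    if len(run) >= min_len:
        out.append(run.decode("ascii"))
    return out


def xor_strings(data: bytes, min_len: int = 8):
    """FLOSS-style single-byte XOR brute force: try every key, keep printable runs,
    longest candidates first. Wrong keys can still yield printable junk."""
    hits = []
    for key in range(1, 256):
        decoded = bytes(b ^ key for b in data)
        hits.extend((key, s) for s in ascii_strings(decoded, min_len))
    hits.sort(key=lambda ks: (-len(ks[1]), ks[0]))
    return hits


def build_sample_pe() -> bytes:
    """Constructed two-section PE32 image for the demo; not a runnable executable."""
    text = (b"CreateRemoteThread\0" + b"http://example.invalid/beacon\0"
            + b"WriteProcessMemory\0").ljust(256, b"\0")
    secret, key = b"cmd.exe /c whoami", 0xA7   # key has the high bit set, so the
    filler = bytes(((i * 97) + 13) & 0xFF for i in range(256 - len(secret)))  # encoded bytes
    data = bytes(b ^ key for b in secret) + filler  # are invisible to a plain strings pass
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                 # e_lfanew at 0x3C
    coff = b"PE\0\0" + struct.pack(COFF_HDR, 0x14C, 2, 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<H", 0x10B).ljust(224, b"\0")                   # PE32 magic, rest zeroed
    sect = struct.pack(SECTION_HDR, b".text", 256, 0x1000, 256, 0x200, 0, 0, 0, 0, 0x60000020)
    sect += struct.pack(SECTION_HDR, b".data", 256, 0x2000, 256, 0x300, 0, 0, 0, 0, 0xC0000040)
    return (dos + coff + opt + sect).ljust(0x200, b"\0") + text + data


def triage(pe: bytes, packed_threshold: float = 7.0):
    """Per-section entropy, packing flag, plain strings and XOR candidates."""
    report = {}
    for name, vaddr, raw_ptr, raw_size, raw in parse_sections(pe):
        ent = shannon_entropy(raw)
        report[name] = {"rva": vaddr, "offset": raw_ptr, "size": raw_size,
                        "entropy": round(ent, 2), "likely_packed": ent > packed_threshold,
                        "strings": ascii_strings(raw), "xor_strings": xor_strings(raw)}
    return report


if __name__ == "__main__":
    for name, info in triage(build_sample_pe()).items():
        print(f"{name:8} entropy={info['entropy']:.2f} packed={info['likely_packed']}")
        for s in info["strings"][:5]:
            print("   str:", s)
        for key, s in info["xor_strings"][:3]:
            print(f"   xor 0x{key:02x}:", s)
```

To run it against a real sample, pass the file contents (open(path, "rb").read()) to triage(). Note that the brute force reports every key that happens to decode a printable run, so keys adjacent to the real one show up with garbled text next to the genuine "cmd.exe /c whoami"; FLOSS scores its candidates to rank the real one first, whereas this example simply sorts by length.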