
Malware Analysis Lab Setup and Resources

Late last week I decided I would like to take a step into Malware Analysis. So far I have not invested as much time into this as I would like, but I have managed to set up a fairly complete Windows 7 Virtual Machine that includes a ton of the tools an analyst would usually need. Some of the tools I have installed are:

  • 010, which is one of my favorite Windows hex editors
  • Cygwin, which is pretty much a complete Linux terminal on Windows
  • IDA Starter, which is probably the best decompiler currently in existence
  • Dependency Walker, which allows you to see what resources a piece of malware is using
  • Fakenet is a tool that simulates a network so that malware interacting with a remote host continues to run, allowing the analyst to observe the malware's network activity from within a safe environment.
  • OllyDBG is also installed on this system as an alternative to IDA
  • PEview might be the most important tool, and it is used in analyzing PE files.
  • Resource Hacker, which has many different uses but is mainly used in editing files
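PEview and Dependency Walker both work by walking the PE headers of a sample. The following is an added example (not code from this post or from any of the tools listed) that does the first part of that job in plain Python: it validates the MZ/PE signatures, reads the COFF header, and walks the section table, then flags any section that is both writable and executable, a quick triage check an analyst can run on a sample before opening it in a GUI tool. The input is a minimal PE image constructed in `build_sample_pe()` purely for the demonstration; the section names and offsets in it are made up, and the `parse_pe` and `suspicious_sections` helpers are this example's own names, not part of any tool.

```python
import struct
from dataclasses import dataclass

# Section characteristic bits as defined in the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


@dataclass
class Section:
    name: str
    virtual_size: int
    virtual_address: int
    raw_size: int
    raw_offset: int
    characteristics: int

    @property
    def flags(self) -> str:
        # Render permissions PEview-style, e.g. "R-X" for a normal code section.
        bits = (("R", IMAGE_SCN_MEM_READ), ("W", IMAGE_SCN_MEM_WRITE), ("X", IMAGE_SCN_MEM_EXECUTE))
        return "".join(ch if self.characteristics & bit else "-" for ch, bit in bits)

    @property
    def writable_and_executable(self) -> bool:
        wx = IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
        return self.characteristics & wx == wx


def parse_pe(data: bytes) -> dict:
    """Parse the DOS header, PE signature, COFF header and section table of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)        # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, characteristics = struct.unpack_from(
        "<HHIIIHH", data, coff)                                # 20-byte COFF file header
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)            # optional header magic
    fmt = {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, f"unknown(0x{magic:x})")
    sections = []
    for i in range(nsections):
        off = opt + opt_size + i * 40                          # 40-byte IMAGE_SECTION_HEADER entries
        raw_name, vsize, vaddr, rsize, roff, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, off)
        name = raw_name.rstrip(b"\0").decode("ascii", "replace")
        sections.append(Section(name, vsize, vaddr, rsize, roff, flags))
    return {"machine": machine, "format": fmt, "timestamp": timestamp,
            "characteristics": characteristics, "sections": sections}


def suspicious_sections(sections: list) -> list:
    """Return sections that are both writable and executable, which merit a closer look."""
    return [s for s in sections if s.writable_and_executable]


def build_sample_pe() -> bytes:
    """Constructed minimal 32-bit PE image (not a real binary): three sections, one of them W+X."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    opt_size = 224                                                # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, opt_size, 0x0102)  # i386, 3 sections
    optional = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)  # magic only, rest zeroed

    def sect(name: bytes, vaddr: int, size: int, roff: int, flags: int) -> bytes:
        return struct.pack("<8sIIIIIIHHI", name, size, vaddr, size, roff, 0, 0, 0, 0, flags)

    sections = (
        sect(b".text", 0x1000, 0x200, 0x400, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
        + sect(b".data", 0x2000, 0x200, 0x600, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)
        + sect(b".rwx", 0x3000, 0x200, 0x800, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)
    )
    return dos + b"PE\0\0" + coff + optional + sections


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print(f"format={info['format']} machine=0x{info['machine']:x} sections={len(info['sections'])}")
    for s in info["sections"]:
        print(f"  {s.name:<8} va=0x{s.virtual_address:08x} raw=0x{s.raw_offset:08x} {s.flags}")
    for s in suspicious_sections(info["sections"]):
        print(f"  note: section {s.name} is writable and executable")
```

Replace `build_sample_pe()` with `open(path, "rb").read()` to run it over a real file inside the VM; everything the script needs sits in the first few hundred bytes, so it never executes or maps the sample.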

I also took a snapshot once everything was configured so I always have somewhere to fall back to. As well as gathering these utilities, I have also come across a couple of great resources, which I am going to list now and link if possible:

In the next week or two I plan on uploading a couple of posts on a step-by-step analysis of different malware samples. If anyone is interested in a copy of my .vdi let me know, and if you have any questions also let me know!