Malware Analysis Lab Setup and Resources
June 19, 2016
Late last week I decided I would like to take a step into malware analysis. So far I have not invested as much time into this as I would like, but I have managed to set up a fairly complete Windows 7 virtual machine that includes a ton of the tools an analyst would usually need. Some of the tools I have installed are:
- 010 Editor, which is one of my favorite Windows hex editors
- Cygwin, which provides a Unix-like shell and toolset on Windows, so the usual command-line utilities (strings, grep, md5sum and so on) are available inside the VM
- IDA Starter, the entry-level edition of IDA Pro, which is the de facto standard interactive disassembler; note that IDA itself is a disassembler, and turning the assembly back into C-like pseudocode requires the separate Hex-Rays decompiler plugin
- Dependency Walker, which lists the DLLs a binary loads and the functions it imports from each, a quick first indicator of what a sample can do (network, registry, process injection)
- FakeNet, a tool that simulates the network services a sample expects (DNS, HTTP and so on) so that malware waiting on a remote host keeps running, letting the analyst observe its network activity without ever connecting it to the Internet
- OllyDbg, a user-mode debugger, is also installed on this system to complement IDA's static view with dynamic analysis (stepping through code, inspecting memory and unpacking at runtime)
- PEview, which might be the most useful tool for a first pass, displays the structure of a PE file: DOS and NT headers, section table, data directories and the import and export tables
- Resource Hacker, which has many different uses but is mainly used here to view and edit the resources (icons, dialogs, strings, and sometimes embedded payloads) stored inside a PE file
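Several of the tools above (PEview, Dependency Walker, Resource Hacker) are really viewers over the same structure, the PE file format. To show what they are reading, here is an added example of my own (not code from the original post or from any of the listed tools) that walks a PE image by hand: DOS header, PE signature, COFF and optional headers, the section table, and the import directory, then applies two cheap triage checks an analyst would make first. The sample binary it parses is constructed in the `build_sample_pe` function so the script runs offline; it is not a real or malicious executable, and the DLL and function names in it are chosen for illustration only.

```python
"""Minimal static PE triage: the headers, sections and imports that PEview and
Dependency Walker display. Added example; the binary it parses is constructed
in code below, not a real sample."""
import struct
from datetime import datetime, timezone

SCN_EXECUTE, SCN_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_EXECUTE / IMAGE_SCN_MEM_WRITE

def rva_to_offset(sections, rva):
    """Map a relative virtual address to a file offset using the section table."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return rva - s["va"] + s["rawptr"]
    raise ValueError(f"RVA {rva:#x} maps to no section")

def read_cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")

def parse_pe(data):
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    machine, nsec, ts, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                        # optional header follows the 20-byte COFF header
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = (struct.unpack_from("<Q", data, opt + 24)[0] if pe32plus
                  else struct.unpack_from("<I", data, opt + 28)[0])
    dd = opt + (112 if pe32plus else 96)       # DataDirectory[]; entry 1 is the import table
    imp_rva, _ = struct.unpack_from("<II", data, dd + 8)
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr, _, _, _, _, sc = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "vsize": vsize, "va": va,
                         "rawsize": rawsize, "rawptr": rawptr, "chars": sc})
    imports, thunk_fmt, thunk_len = {}, ("<Q" if pe32plus else "<I"), (8 if pe32plus else 4)
    ord_flag = 1 << (63 if pe32plus else 31)
    off = rva_to_offset(sections, imp_rva) if imp_rva else None
    while off is not None:
        ilt, _, _, name_rva, iat = struct.unpack_from("<IIIII", data, off)
        if name_rva == 0:                      # all-zero descriptor terminates the table
            break
        dll, funcs = read_cstr(data, rva_to_offset(sections, name_rva)), []
        thunk = rva_to_offset(sections, ilt or iat)  # some packers zero the ILT; fall back to the IAT
        while (t := struct.unpack_from(thunk_fmt, data, thunk)[0]) != 0:
            funcs.append(f"#{t & 0xFFFF}" if t & ord_flag   # import by ordinal, else by hint/name
                         else read_cstr(data, rva_to_offset(sections, t & 0x7FFFFFFF) + 2))
            thunk += thunk_len
        imports[dll], off = funcs, off + 20
    return {"machine": machine, "pe32plus": pe32plus, "characteristics": chars,
            "compiled": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
            "image_base": image_base, "entry_point": entry, "sections": sections, "imports": imports}

def triage_flags(info):
    """Cheap indicators to check first: W+X sections (packers) and an entry point outside executable code."""
    flags = [f"section {s['name']} is writable and executable" for s in info["sections"]
             if s["chars"] & SCN_WRITE and s["chars"] & SCN_EXECUTE]
    ep = info["entry_point"]
    if not any(s["va"] <= ep < s["va"] + max(s["vsize"], s["rawsize"]) and s["chars"] & SCN_EXECUTE
               for s in info["sections"]):
        flags.append(f"entry point {ep:#x} is not inside an executable section")
    return flags

def build_sample_pe():
    """Constructed PE32 image (two sections, two imported DLLs). Not a real or malicious binary."""
    rdata_rva, blob = 0x2000, bytearray()
    def put(b):                                # append to .rdata, 4-byte aligned, return its RVA
        rva = rdata_rva + len(blob)
        blob.extend(b + b"\0" * (-len(b) % 4))
        return rva
    dlls = {"KERNEL32.dll": ["CreateFileA", "WriteFile", "VirtualAlloc"], "WS2_32.dll": ["socket", "connect"]}
    descs = b""
    for dll, funcs in dlls.items():
        names = [put(b"\0\0" + f.encode() + b"\0") for f in funcs]  # hint/name entries (hint = 0)
        dll_rva = put(dll.encode() + b"\0")
        thunks = b"".join(struct.pack("<I", r) for r in names) + b"\0\0\0\0"
        descs += struct.pack("<IIIII", put(thunks), 0, 0, dll_rva, put(thunks))  # ILT, IAT copies
    imp_rva = put(descs + b"\0" * 20)
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x80)).ljust(0x80, b"\0")  # e_lfanew = 0x80
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 1466294400, 0, 0, 224, 0x0102)  # i386, 2 sections, 2016-06-19
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6,
                      0x10B, 14, 0, 0x200, 0x200, 0, 0x1000, 0x1000, 0x2000, 0x400000, 0x1000, 0x200,
                      6, 0, 0, 0, 6, 0, 0, 0x3000, 0x200, 0, 3, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dd = b"\0" * 8 + struct.pack("<II", imp_rva, len(descs) + 20) + b"\0" * (14 * 8)
    hdr = lambda n, va, raw, ch: struct.pack("<8sIIIIIIHHI", n, 0x200, va, 0x200, raw, 0, 0, 0, 0, ch)
    headers = (dos + b"PE\0\0" + coff + opt + dd + hdr(b".text", 0x1000, 0x200, 0x60000020)
               + hdr(b".rdata", 0x2000, 0x400, 0x40000040))
    return headers.ljust(0x200, b"\0") + b"\xCC" * 0x200 + bytes(blob).ljust(0x200, b"\0")

if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print(f"machine={info['machine']:#x} compiled={info['compiled']} entry={info['entry_point']:#x}")
    for s in info["sections"]:
        print(f"  {s['name']:8} va={s['va']:#07x} raw={s['rawsize']:#x} chars={s['chars']:#010x}")
    for dll, funcs in info["imports"].items():
        print(f"  {dll}: {', '.join(funcs)}")
    print("flags:", triage_flags(info) or "none")
```

Point `parse_pe` at `open(path, "rb").read()` for a real sample and compare its output with PEview's section table and Dependency Walker's import list; the timestamp, the W+X check and an import list containing both file and socket APIs are exactly the fields worth noting before running anything dynamically.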
I also took a snapshot once everything was configured so I always have somewhere to fall back to. As well as gathering these utilities, I also have come across a couple of great resources which I am going to list now and link if possible:
- Practical Malware Analysis and its lab materials
- Pretty much the Bible as far as getting started with this stuff goes
- Cybrary’s Malware Analysis and Reverse Engineering Class
- RPISEC's Malware Analysis Course
- Awesome Malware Analysis
- The Zoo
- The Zoo is a GitHub repo of malware samples and source code
In the next week or two I plan on uploading a couple of posts on a step-by-step analysis of different malware samples. If anyone is interested in a copy of my .vdi let me know, and if you have any questions also let me know!