Malware Anaylsis Lab Setup and Resources

Late last week I decided I would like to take a step into Malware Analysis. So far I have not invested as much time into this as I would like but I have managed to setup a fairly complete Windows 7 Virtual Machine that includes a ton of the tools an analysist would usually need. Some of the tools I have installed are:

• 010 which is one of my favorite Windows Hex Editors
• Cygwin which is pretty much a complete Linux Terminal for on Windows
• IDA Starter which is probably the best decompiler currently in existence
• Dependency Walker which allows you to see what resources a peice of malware is using
• Fakenet is a tool simulates a network so that malware interacting with a remote host continues to run allowing the analyst to observe the malware’s network activity from within a safe environment.
• OllyDBG is also installed on this system as an alternatvie to IDA
• PEview might be the most important tool and it is used in anaylzing PE files.
• Resource Hacker which has many different uses but is mainly used in editting files

I also took a snapshot once everything was configured so I always have somewhere to fall back too. As well gathering these utilities I also have come across a couple great resources which I am going to list now and link if possible:

• Practical Malware Analysis and its lab materails
  • Pretty much the Bible as far as getting started with this stuff goes
• Cybrary’s Malware Analysis and Reverse Engineering Class
• RPISEC’s Malware Anaylsis Course
• Awesome Malware Anaylsis
• The Zoo
  • The Zoo is a Github repo of malware samples and source code

In the next week or two I plan on uploading a couple posts on a step by step anaylsis of different malware samples. If anyone is interested in a copy of my .vdi let me know and if you have any questions also let me know!