Re: Analize Virus

From: Andre' - SemperSecurus (sempersecurus@gmail.com)
Date: Thu Aug 02 2007 - 11:39:38 EDT


My $.02
For static or code analysis, I use IDA Pro or OllyDbg as well as good old 'strings' and 'objdump'; I've also been starting to play with PE Explorer lately.
For dynamic studies, I'll run Wireshark on my host system and use a combo of Winalysis, Process Explorer, Filemon, and fport. Lately, I've been kicking SysAnalyzer around a bit.
Keep in mind, more and more malware is becoming VMware aware, so a hardware solution such as a CoreRestore card might be a good investment.
In general:

Behavioral Analysis:
  Wireshark
  Process Monitor
  Process Explorer
  FileMon
  RegMon
  TCPView
  Winalysis
  SysAnalyzer
  Snort
  tcpdump

Static Analysis:
  AV Scanners
  IDA Pro
  OllyDbg
  strings
  Various unpackers
  PE Explorer
  LordPE
  Google
HTH

On 7/31/07, Rafa Richart <Rafa@ontinet.com> wrote:
>
> Hi Pals,
>
> We're looking for some tools to analyze malware behavior. We have a lab under construction, but we need some advice on what tools we have to use: tools to see what has been changing the registry, connection states, etc.
>
> Any help is welcome.
>
> Thanks in advance
>
> Rafa
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>

--
Andre' M. Di Mino - SemperSecurus
The Shadowserver Foundation
http://www.shadowserver.org
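The "what changed on the box" half of the behavioral-analysis list above (Winalysis, FileMon and friends) boils down to one technique: take a snapshot of the system before running the sample, take another afterwards, and diff them. The following is an added example of that snapshot-and-diff approach written for this page; it is not code from the original post, from Winalysis or from any other tool named in the thread. It hashes every regular file under a directory tree and reports added, removed and modified paths. The directory layout, the file names (such as svch0st.exe) and the "malware activity" in demo() are all constructed for the illustration, not observations of any real sample; a real lab would snapshot the system drive and the registry hives rather than a temporary directory.

```python
"""Snapshot-and-diff of a directory tree, the technique behind tools such as
Winalysis for spotting what a sample dropped, changed or deleted.
Added example; not part of the original mailing-list post."""
import hashlib
import os
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    """What we record per file: size and SHA-256 of its contents."""
    size: int
    sha256: str


def snapshot(root):
    """Walk root and record size + SHA-256 of every regular file,
    keyed by path relative to root so two snapshots are comparable."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            h = hashlib.sha256()
            with open(full, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            snap[rel] = Entry(os.path.getsize(full), h.hexdigest())
    return snap


def diff(before, after):
    """Compare two snapshots. A path is 'modified' when it exists in both
    but its size or hash differs; timestamps are deliberately ignored,
    since malware can reset them and a hash cannot be faked the same way."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario (hypothetical, not a real sample): build a tiny
    baseline tree, snapshot it, simulate what a dropper might do, snapshot
    again and return the diff."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "system32"))
        with open(os.path.join(root, "system32", "hosts"), "w") as f:
            f.write("127.0.0.1 localhost\n")
        with open(os.path.join(root, "readme.txt"), "w") as f:
            f.write("baseline\n")
        before = snapshot(root)

        # Simulated malware activity (constructed for the example):
        with open(os.path.join(root, "system32", "hosts"), "a") as f:
            f.write("127.0.0.1 update.example-av.test\n")   # tamper with hosts file
        with open(os.path.join(root, "svch0st.exe"), "wb") as f:
            f.write(b"MZ" + b"\x00" * 62)                   # dropped binary
        os.remove(os.path.join(root, "readme.txt"))         # deleted file

        after = snapshot(root)
        return diff(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"{kind:9s} {p}")
```

Run it as a script and it lists one added file, one removed file and one modified file. The same snapshot/diff loop applies to registry exports (diff the .reg dumps) and to `netstat`/fport output captured before and after execution, which covers the "registry and connections" question in the original mail; the network side is better captured live with Wireshark or tcpdump, since short-lived connections will not show up in a before/after comparison.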



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:59 EDT