RE: Analize Virus

From: Matt Steer (Matt.Steer@marstons.co.uk)
Date: Thu Aug 02 2007 - 06:18:08 EDT


Rafa,

I find the Malcode Analyst pack from www.sandsprite.com useful when I'm performing analysis.

Regards,
 
Matt Steer

 

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On Behalf Of Colin Copley
Sent: 01 August 2007 17:24
To: Rafa Richart
Cc: pen-test@securityfocus.com
Subject: Re: Analize Virus

>From: "Rafa Richart" <Rafa@ontinet.com>
>To: <pen-test@securityfocus.com>
>Sent: Tuesday, July 31, 2007 6:28 PM
>Subject: Analize Virus
>
>we're looking for some tools to analyze the malware behavior; we have a lab
>under construction, but we need some advice on what tools we have to use:
>tools to see what has been changing in the registry, connection status, etc.

Hi

You might want to try one of the malware/virus lists as well, but here are
some apps you'll probably find useful:

A virtual machine environment:-
MS Virtual Machine and/or VMware

Dynamic analysis:-
Regmon & Filemon, from Sysinternals, now at MS Technet
(Strings, Process Explorer, Autoruns, & Rootkit Revealer are also useful to
have handy, also from Sysinternals)

Simple DOS scripts can help to create your baselines before running a virus.

You'll also need a selection of unpackers, decompilers, debuggers,
disassemblers and hex editors.
I've found these useful:

PEid
MewUnpacker
Hexplorer / Hiew
Softice
IDA
w32dasm

Just google for links, but handle the unpackers with care; some are trojans.

Kind Regards
Colin
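The baseline idea above, as an added example that is not part of the post: snapshot a directory tree before running the sample in the VM, snapshot it again afterwards, and diff the two. It is Python rather than the DOS batch script the post mentions, so it runs unchanged inside any lab VM; the output file names are assumptions.

```python
"""Baseline/diff helper for a malware lab (added example, not code from the thread)."""
import hashlib
import json
import os
import sys
from typing import Dict, List, Tuple

Entry = Tuple[int, str]  # (size in bytes, SHA-256 hex digest)


def snapshot(root: str) -> Dict[str, Entry]:
    """Record size and SHA-256 of every regular file under root, keyed by relative path."""
    snap: Dict[str, Entry] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                h = hashlib.sha256()
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        h.update(chunk)
                snap[os.path.relpath(path, root)] = (os.path.getsize(path), h.hexdigest())
            except OSError:
                continue  # locked or vanished file: skip it rather than abort the run
    return snap


def diff(before: Dict[str, Entry], after: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Classify paths as added, removed or modified between two snapshots.
    A change the sample makes and undoes while it runs leaves no trace here
    (that is what Regmon/Filemon catch), so use both."""
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }


if __name__ == "__main__":
    # usage: baseline.py before C:\   (run the sample)   baseline.py after C:\
    tag, root = sys.argv[1], sys.argv[2]
    current = snapshot(root)
    with open(f"baseline_{tag}.json", "w") as out:  # assumed output name
        json.dump(current, out)
    if tag == "after":
        with open("baseline_before.json") as fh:
            before = {p: (e[0], e[1]) for p, e in json.load(fh).items()}
        print(json.dumps(diff(before, current), indent=2))
```

Hashing a whole system drive takes a while; for a quick run, point it at the directories and Run-key targets you care about and leave the real-time view to Regmon/Filemon.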

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:59 EDT