![]() The Interactive Disassembler (IDA) is the most famous, providing an old build as a free version or the most updated version for a yearly fee. Disassemblers can also come with decompilers, which take the code all the way back to source code however, these are often more expensive and less reliable.Ī variety of different disassemblers are available on the market. ![]() These tools are designed to help with static code analysis by reversing machine code into assembly instructions, which are more human-readable. When most people think of malware analysis tools, they think of disassemblers. The tool uses machine learning to rank strings based on their probable utility to the analyst, decreasing the time spent searching through garbage strings. However, this list can contain a large amount of garbage since any sequence of at least three (Windows) or four (Linux) printable characters will be printed.įireEye has open-sourced StringSifter, a tool for making strings output more useful for malware analysts. It is designed to pull out any ASCII or Unicode strings within a file. The strings command is available as a terminal program on both Linux and Windows. A Windows executable file includes the names of imported libraries in plaintext, which can be useful for determining the purpose of a file based on the functions that it tries to access. A malware analyst can also manually extract printable strings from a file by looking at its ASCII representation.Įxtracting strings from a file can be extremely useful in learning about what the malware does, its origin, and other embedded information (like IP addresses or domain names). Reading a file’s magic number may help in identifying a particular filetype, and examination of the raw hex of the file can help with identification of obfuscation methods like the use of weak XOR encoding. Looking at a potential malware sample in a hex editor can be useful for extracting basic features from the file. A hex editor like HxD is designed to show both the raw hexadecimal representation of a file and the ASCII interpretation. Hex editors are some of the simplest of malware analysis tools, but they can also be extremely useful. ![]() Different tools are ideal for different purposes, so it’s helpful to be as familiar with as many as possible. Depending on the goals of the analysis, the malware analyst may need to collect different pieces of information. When starting out in malware analysis, there are a variety of useful tools available. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |