Tag: re

Malware Analysis

Read Portable Executable (PE) information

PEview provides a quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files. This PE/COFF file viewer displays header, section, directory, import table, export table, and resource information within EXE, DLL, OBJ, LIB, DBG, and other file types. Download from here.

Malware Analysis

Extract resources from Windows binaries

Resource Hacker™ has been designed to be the complete resource editing tool: compiling, viewing, decompiling and recompiling resources for both 32bit and 64bit Windows executables. Resource Hacker™ can open any type of Windows executable (*.exe; *.dll; *.scr; *.mui etc.) so that individual resources can be added, modified or deleted within these files. Resource Hacker™ can …

Malware Analysis

Detect packers, cryptors and compilers

PEiD is used to detect most common packers, cryptors and compilers found in PE executable files. The current version of PEiD can detect over 7000 different signatures, which are loaded from userdb.txt. The official website (www.peid.info) has been discontinued. Download PEiD 0.95 from MediaFire. Download userdb.txt from MediaFire. All files in .7z file have …

Exploits, Malware Analysis, Reverse Engineering

Write exploits, analyze malware, and reverse engineer binary files

Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry’s first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.

Overview

A debugger with functionality designed …

Reverse Engineering

PaiMei – a reverse engineering framework written in Python

PaiMei is a reverse engineering framework consisting of multiple extensible components. The framework can essentially be thought of as a reverse engineer’s Swiss Army knife and has already been proven effective for a wide range of both static and dynamic tasks such as fuzzer assistance, code coverage tracking, data flow tracking and more. The largest …

Malware Analysis

Create fake services for malware analysis

INetSim is a software suite for simulating common internet services in a lab environment, e.g. for analyzing the network behaviour of unknown malware samples.

Services:
HTTP / HTTPS
SMTP / SMTPS
POP3 / POP3S
DNS
FTP / FTPS
TFTP
IRC
NTP
Ident
Finger
Syslog
Daytime
Time
Echo
Chargen
Discard
Quotd

To install, configure and run …

Forensics, Reverse Engineering

Detect executable dependencies

Dependency Walker – scans any 32-bit or 64-bit Windows module (exe, dll, ocx, sys, etc.) and builds a hierarchical tree diagram of all dependent modules. For each module found, it lists all the functions that are exported by that module, and which of those functions are actually being called by other modules. Detects many common …

Debugging, Disassembling, Reverse Engineering

Reversing with OBJDUMP

objdump – displays plenty of information from object files. It is available on most Linux and Unix systems. It is also available on Windows through Cygwin.

Display section headers:
objdump -h /path/to/my/object/file

Disassemble executable sections:
objdump -dl /path/to/my/object/file

Full disassembly:
objdump -Dslx /path/to/my/object/file

Display debugging info:
objdump -g /path/to/my/object/file …