Tag: analysis


Guymager a free forensic imager

Guymager is a free open source forensic imager for media acquisition. Its main features are: Easy user interface in different languages Runs under Linux Really fast, due to multi-threaded, pipelined design and multi-threaded data compression Makes full usage of multi-processor machines Generates flat (dd), EWF (E01) and AFF images, supports disk cloning Free of charges, …

Malware Analysis

FileAlyzer – Analyze files – Read PE information

FileAlyzer is a tool to analyze files – the name itself was initially just a typo of FileAnalyzer, but after a few days I decided to keep it. FileAlyzer allows a basic analysis of files (showing file properties and file contents in hex dump form) and is able to interpret common file contents like resources …

Malware Analysis

Read Portable Executable (PE) information

PEview provides a quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files. This PE/COFF file viewer displays header, section, directory, import table, export table, and resource information within EXE, DLL, OBJ, LIB, DBG, and other file types. Download from here.

Malware Analysis

Detect packers, cryptors and compilers

PEiD is used to detect most common packers, cryptors and compilers found in PE executable files. The current version of PEiD can detect over 7000 different signatures which are loaded from userdb.txt. The official website (www.peid.info) has been discontinued.   Download PEiD 0.95 from MediaFire. Download userdb.txt from MediaFire. All files in .7z file have …

Reverse Engineering

PaiMei – a reverse engineering framework written in Python

PaiMei, is a reverse engineering framework consisting of multiple extensible components. The framework can essentially be thought of as a reverse engineer’s swiss army knife and has already been proven effective for a wide range of both static and dynamic tasks such as fuzzer assistance, code coverage tracking, data flow tracking and more. The largest …

Malware Analysis

Create fake services for malware analysis

INetSim is a software suite for simulating common internet services in a lab environment, e.g. for analyzing the network behaviour of unknown malware samples. Services HTTP / HTTPS SMTP / SMTPS POP3 / POP3S DNS FTP / FTPS TFTP IRC NTP Ident Finger Syslog Daytime Time Echo Chargen Discard Quotd To install, configure and run …

Forensics, Reverse Engineering

Detect executable dependencies

Dependency Walker – scans any 32-bit or 64-bit Windows module (exe, dll, ocx, sys, etc.) and builds a hierarchical tree diagram of all dependent modules. For each module found, it lists all the functions that are exported by that module, and which of those functions are actually being called by other modules. Detects many common …