Malware analysis tools used alongside "Practical Malware Analysis: The Hands-on Guide to Dissecting Malicious Software" Book by Andrew Honig and Michael Sikorski

gloomytime/analysisTools

Project Title

Malware analysis tools used alongside the book "Practical Malware Analysis: The Hands-on Guide to Dissecting Malicious Software" by Andrew Honig and Michael Sikorski. Some are custom written, but most are taken straight from the book.

Installing

Step-by-step instructions for downloading the repo.

Use command-line Git or download the repo with a browser.

  • Using Git

Navigate to the directory where the repo will be cloned and then run

git clone https://github.com/rptucker/analysisTools.git

Move into the cloned directory to access the tools and installers.

Tools

  • 7z1805.exe - 7-Zip is a file archiver with a high compression ratio.
  • Dependency Walker - A utility that scans any 32-bit or 64-bit Windows module (exe, dll, ocx, sys, etc.) and builds a hierarchical tree diagram of all dependent modules.
  • hasher.py - A script written by me to compute file hashes; it currently supports MD5, SHA1, and SHA256.
  • hasher - The compiled binary of hasher.py.
  • nc111.nt.zip - Netcat for Windows.
  • pebinstsp.exe - PEBrowse Professional is a static-analysis tool and disassembler for Win32/Win64 executables and Microsoft .NET assemblies.
  • PEiD - Detects most common packers, cryptors and compilers for PE files; support was discontinued in April 2011.
  • PEview - Used for viewing the PE file header.
  • regshot - Regshot is an open-source (LGPL) registry compare utility that lets you quickly take a snapshot of your registry and then compare it with a second one taken after making system changes or installing new software.
  • reshacker_setup.exe - Resource Hacker is designed to be a complete resource editing tool: compiling, viewing, decompiling and recompiling resources for both 32-bit and 64-bit Windows executables.
  • sdl-apatedns.zip - ApateDNS is a tool for controlling DNS responses through an easy-to-use GUI. Acting as a phony DNS server, ApateDNS spoofs DNS responses to a user-specified IP address by listening on UDP port 53 on the local machine.
  • strings.exe - Scans the file you pass it for UNICODE (or ASCII) strings of a default length of 3 or more UNICODE (or ASCII) characters.
  • Sysinternals Suite - The individual troubleshooting tools and help files from Microsoft.
  • upx394w.zip - UPX is a free, portable, extendable, high-performance executable packer for several executable formats.
  • Wireshark - Wireshark is the world's foremost and most widely used network protocol analyzer.

Not included, but recommended

  • Git - Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.

Acknowledgments

  • The stackoverflow community
  • My dog
