This post is part of a series of posts categorized as “Wiki” that contain basic how-to information. The intent is to create a reference repository for myself, but I’m not selfish so if anyone else can also benefit from it then I’m happy to share the knowledge!
There are so many great tools that can help with malware analysis, and I find myself forgetting which ones I’ve heard of. Many of the tools in this list I originally learned about from one of two sources: the book “Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software” by Michael Sikorski and Andrew Honig, and the SANS FOR610: Reverse-Engineering Malware course by Lenny Zeltser and Anuj Soni.
Many of these tools can be found bundled together for Windows in “FLARE VM” or for Linux in “REMnux.” Both are free.
Basic Static Analysis

| Name | Usage Cases |
| --- | --- |
| API Monitor [Windows] | Monitor and examine API calls of a running process |
| Binary Ninja [Linux/Windows] | Disassembler and decompiler (beta at this time) |
| dnSpy [Windows] | Debugger and .NET assembly editor |
| Ghidra [Windows] | Disassembler and decompiler, static code analysis |
| Hopper [Linux] | Disassembler and decompiler |
| IDA [Windows] | Disassembler and decompiler, static code analysis |
| jmp2it | |
| OllyDumpEx | |
| Radare2 [Linux/Windows] | Disassembler, debugger, and other helpful features |
| scdbg [Windows] | Shellcode emulator |
| Scylla | |
| x32dbg & x64dbg [Windows] | Debugging, static code analysis |
| Windbg [Windows] | Debugging, static code analysis |

Malicious Documents