
Reverse Engineering and Malware Analysis Cheatsheet

Virtualisation and sandboxing

Sandboxie: Sandbox any application from the OS to prevent unwanted changes.

ScoopyNG: Virtual machine detection with anti-anti-detection mechanisms.

VMDetector: Detect whether an application is running inside a virtual machine.

VMware Workstation: Hosted hypervisor to set up virtual machines on a single physical host.

Process and API monitoring

PE Sieve: Detect injected processes, shellcode, hooks and other in-memory patches.

Process Explorer: Free process monitoring tool with multiple features.

Process Hacker: Free tool to monitor system resources, debug software and detect malware.

Process Monitor: Real-time monitoring tool for file system, registry and process/thread activity.

Rohitab API Monitor: Free tool to monitor and control API calls made by applications and services.

Registry and file system monitoring

FileActivityWatch: Free tool to monitor read, write and delete operations of all files.

FolderChangesView: Free tool to monitor a folder or disk drive for file and folder changes.

RegShot: Open-source Windows registry and file system compare utility.

WRR: Windows Registry hive file viewer and analyser.

Network traffic inspection and monitoring

Apate DNS: GUI tool for controlling DNS responses.

Burp Suite CE: Web traffic inspection and security testing tool for web applications.

FakeNet-NG: Dynamic network analysis tool and network services simulator.

Fiddler: Web debugger for HTTP(S) traffic interception and inspection.

NetworkMiner: Open-source network forensic analysis tool and passive network sniffer.

Proxifier: Route any network application through a SOCKS or HTTPS proxy or a proxy chain.

Wireshark: Open-source packet analyser, used for network troubleshooting.

Reverse Engineering and Malware Analysis toolset 1 of 3


Debugging, disassembling, decompiling

dnSpy: Interactive debugger and .NET assembly editor.

Exe2Aut: Decompiler for compiled AutoIt3 scripts.

Ghidra: Software reverse engineering (SRE) suite of tools developed by the NSA.

IDA Pro: Multi-format and multi-platform interactive disassembler and debugger.

Immunity Debugger: Debugger and disassembler with support for Python scripting.

OllyDbg: Debugger and disassembler with many plugins.

Olly Phant0m plugin: Plugin that conceals OllyDbg from known anti-debugging techniques.

Radare2: Free toolchain for reverse engineering, exploiting, debugging and forensics.

Snowman: Plugin and standalone decompiler for ELF, Mach-O and PE files.

Visual Studio: Full-featured integrated development environment (IDE).

WinDbg: Debug kernel-mode and user-mode code and analyse crash dumps.

x64dbg: Open-source x64/x32 debugger for Windows.


Static analysis

CFF Explorer: PE editor with full support for the .NET file format.

CVDump: Dumps symbols from PDB files.

ExeInfoPE: View information about PE files, identify packers, scan file entropy.

HexWorkshop: Hex editor with many extra features.

LordPE: View and manipulate PE files (headers, sections, imports, exports, etc.).

PEiD: Detect most common packers, cryptors and compilers for PE files.

PEview: View the structure of 32-bit Portable Executable (PE) files.

PE Studio: Spot suspicious artefacts within PE executable files.

Resource Hacker: Resource compiler and decompiler for Windows applications.

Scylla: PE import table reconstructor with plugin support.

UPX: Multi-platform executable packer supporting several executable formats.


Miscellaneous

DeskPins: Utility to pin any application window so it stays always on top.

FirmwareTablesView: Tool for Windows that displays firmware tables (ACPI, SMBIOS).

Hexyl: Simple coloured hex viewer for the terminal (multi-platform).

HxD: Free and fast hex editor with raw disk editing and RAM editing support.

Notepad++: Scintilla-based, free and fast source code editor.

ProcessDump: Process dumping tool with import reconstruction support for Windows 10.

Strings: Extract Unicode or ASCII embedded strings from binary files.

Total Commander: Shareware Windows file manager with plugin support.

UserAssistView: Decrypt the list of UserAssist registry entries.

VBinDiff: Binary diff tool for Windows designed for large files.

WinGraph: IDA and standalone utility to visualise graphs written in the textual GDL specification.

WinGraph_Qt: Port of qwingraph to Qt5 for Debian, Kali and Ubuntu.

WinMerge: Open-source differencing and merging tool to compare files and folders.

WinSpy++: Tool to gather information about window elements.

Yara: Pattern matching Swiss knife for identifying and classifying malware.