reliefger.blogg.se

Exiftool recursive analysis

Examining static properties of suspicious files is a good starting point for malware analysis. This effort allows you to perform an initial assessment of the file without even infecting a lab system or studying its code. Let's take a look at several free Windows tools that are useful for extracting such metadata from potentially malicious executables. In an earlier post I discussed how to extract static property details in a Linux environment by using MASTIFF. Also, my webcast on getting started with malware analysis using REMnux showed several other Unix-based tools useful for this work. Let's take a look at a few static analysis utilities that run on Windows. PE Studio by Marc Ochsenmeier is a GUI tool for statically examining many aspects of a suspicious Windows executable file, such as imported and exported function names and strings.





