Examining static properties of suspicious files is a good starting point for malware analysis. This effort allows you to perform an initial assessment of the file without even infecting a lab system or studying its code.

In an earlier post I discussed how to extract static property details in a Linux environment by using MASTIFF. Also, my webcast on getting started with malware analysis using REMnux showed several other Unix-based tools useful for this work. Let's take a look at a few free static analysis utilities that run on Windows and are useful for extracting such metadata from potentially-malicious executables.

PE Studio by Marc Ochsenmeier is a GUI tool for statically examining many aspects of a suspicious Windows executable file, such as imported and exported function names and strings.
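To make concrete what a tool like PE Studio reads out of the file, here is an added example (not code from PE Studio or from this post) that parses the PE import table and pulls printable strings using only the Python standard library. The sample executable it analyzes is constructed in memory by build_sample_pe(), with made-up import names and planted strings, so the script runs offline; pass a real file path as the first argument to analyze that instead. Export parsing is left out to keep the example short.

```python
"""Minimal PE static-property extractor: import table and embedded strings.

Added example; not code from PE Studio or the original post. The sample PE
below is constructed in memory (hypothetical imports/strings) so it runs offline.
"""
import re
import struct

SECTION_RVA = 0x1000   # RVA of the single .idata section in the sample
SECTION_RAW = 0x200    # its file offset (FileAlignment = 0x200)


def build_sample_pe():
    """Build a minimal 32-bit PE that imports from KERNEL32.dll (constructed data)."""
    sec = bytearray()

    def add(blob, align=1):
        while len(sec) % align:
            sec.append(0)
        rva = SECTION_RVA + len(sec)
        sec.extend(blob)
        return rva

    dll_rva = add(b"KERNEL32.dll\0")
    hint_create = add(struct.pack("<H", 0x52) + b"CreateFileA\0", align=2)
    hint_write = add(struct.pack("<H", 0x2E7) + b"WriteFile\0", align=2)
    add(b"http://c2.example.invalid/beacon\0cmd.exe /c whoami\0")  # planted strings
    # Import Name Table and IAT: two by-name thunks, one by-ordinal, null terminator
    thunks = struct.pack("<4I", hint_create, hint_write, 0x80000000 | 42, 0)
    int_rva = add(thunks, align=4)
    iat_rva = add(thunks, align=4)
    # IMAGE_IMPORT_DESCRIPTOR for KERNEL32.dll followed by the all-zero terminator
    idir_rva = add(struct.pack("<5I", int_rva, 0, 0, dll_rva, iat_rva) + bytes(20), align=4)
    raw_size = (len(sec) + 0x1FF) & ~0x1FF

    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIIIIII", 0x10B, 14, 0, 0, raw_size, 0, 0, 0, SECTION_RVA, 0x400000)
    opt += struct.pack("<IIHHHHHHIIIIHHIIIIII", 0x1000, 0x200, 6, 0, 0, 0, 6, 0, 0,
                       SECTION_RVA + 0x1000, 0x200, 0, 2, 0, 0x100000, 0x1000,
                       0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[1] = (idir_rva, 40)                               # IMAGE_DIRECTORY_ENTRY_IMPORT
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    sect = struct.pack("<8sIIIIIIHHI", b".idata", len(sec), SECTION_RVA, raw_size,
                       SECTION_RAW, 0, 0, 0, 0, 0xC0000040)
    return (dos + coff + opt + sect).ljust(SECTION_RAW, b"\0") + bytes(sec).ljust(raw_size, b"\0")


def rva_to_offset(sections, rva):
    """Translate an RVA to a file offset via the section table; None if unmapped."""
    for _, va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return raw_ptr + (rva - va)
    return None


def read_cstring(data, off, limit=256):
    end = data.find(b"\0", off, off + limit)
    return data[off:end if end != -1 else off + limit].decode("ascii", "replace")


def parse_headers(data):
    """Return (is_pe32plus, import directory RVA, [(name, va, vsize, raw_ptr, raw_size)])."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic == 0x10B:                      # PE32: data directories start at offset 96
        is64, dir_off = False, opt_off + 96
    elif magic == 0x20B:                    # PE32+: at offset 112
        is64, dir_off = True, opt_off + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ndirs = struct.unpack_from("<I", data, dir_off - 4)[0]       # NumberOfRvaAndSizes
    import_rva = struct.unpack_from("<I", data, dir_off + 8)[0] if ndirs > 1 else 0
    sections, sect_off = [], opt_off + opt_size
    for i in range(nsect):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, sect_off + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, vsize, raw_ptr, raw_size))
    return is64, import_rva, sections


def parse_imports(data, max_entries=4096):
    """Walk the import directory; returns {dll: [function or 'ordinal #N', ...]}."""
    is64, import_rva, sections = parse_headers(data)
    imports = {}
    thunk_fmt, ordinal_flag, thunk_size = ("<Q", 1 << 63, 8) if is64 else ("<I", 1 << 31, 4)
    desc_off = rva_to_offset(sections, import_rva) if import_rva else None
    while desc_off is not None and desc_off + 20 <= len(data):
        oft, _, _, name_rva, ft = struct.unpack_from("<5I", data, desc_off)
        if not (oft or name_rva or ft):
            break                                       # all-zero terminator
        name_off = rva_to_offset(sections, name_rva)
        if name_off is None:
            break                                       # malformed: name outside the image
        funcs = imports.setdefault(read_cstring(data, name_off), [])
        thunk_off = rva_to_offset(sections, oft or ft)  # some linkers leave the INT empty
        while thunk_off is not None and thunk_off + thunk_size <= len(data) and len(funcs) < max_entries:
            thunk = struct.unpack_from(thunk_fmt, data, thunk_off)[0]
            if thunk == 0:
                break
            if thunk & ordinal_flag:
                funcs.append("ordinal #%d" % (thunk & 0xFFFF))
            else:
                hn_off = rva_to_offset(sections, thunk & 0x7FFFFFFF)   # skip the 2-byte hint
                funcs.append(read_cstring(data, hn_off + 2) if hn_off is not None else "<bad rva 0x%x>" % thunk)
            thunk_off += thunk_size
        desc_off += 20
    return imports


def extract_strings(data, min_len=5):
    """Printable ASCII and UTF-16LE runs of at least min_len characters."""
    ascii_runs = [m.group().decode("ascii") for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]
    wide_runs = [m.group().decode("utf-16-le") for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)]
    return ascii_runs + wide_runs


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for dll, funcs in parse_imports(blob).items():
        print(dll, "->", ", ".join(funcs))
    for s in extract_strings(blob):
        print("string:", s)
```

The parser tolerates the import-table corruption common in malware (RVAs pointing outside any section, an empty Import Name Table, by-ordinal thunks) by stopping rather than crashing. Keep in mind that a packed sample exposes only the unpacking stub's imports and strings; a near-empty import list with the payload's real API names absent is itself a useful static indicator.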