In the previous session, we learned how to install a Windows XP machine, VMware, and Kali. In this session, we'll learn more about the malware analysis tools used inside the virtual machine. These include SysInternals, MAP Pack, 010, PE viewers (such as CFF Explorer, PE Explorer, PE View, and PE Studio), IDA Pro, Cygwin, and Notepad++. Several tools are available for dynamic analysis, among them Capture BAT, RegShot, PEiD, LordPE, Import Reconstructor, OllyDbg 2.0, and many more.

You will also learn about some limitations of VirtualBox (VBox) and Windows Vista. Additionally, you'll learn why taking a snapshot after every major update, service pack, and software version is important in protecting against malware attacks.

We will conclude with the different levels of automation possible in the malware analysis arena. Tools such as Zen, Malware Farms, Cuckoo Sandbox, FireEye, Joe Sandbox, ThreatGrid, VirusTotal, Anubis, and Hyper-V allow you to automate malware analysis and sometimes removal. Although these tools help capture report data, signatures, and indicators, they cannot replace human malware analysts. Finally, some good resources that will help you build expertise: Cuckoo Malware Analysis by Digit Octavianto and Iqbal Muhardianto; Malware Analyst's Cookbook by Michael Ligh, Steven Adair, and Blake Hartstein; and Gray Hat Python by Justin Seitz.