Malware Static Analysis

Content Leader: Jess Garcia - Last Updated: November 29, 2006


Analysis Tools

Common

  • Virus Scan
    • Virus Total - Online tool that allows you to submit a binary and will run it through a number of Anti-Virus programs to determine if it is a well-known piece of malware.
  • File Identification
    • file - Present in almost every UNIX distribution, the file utility allows you to identify what type of file you are dealing with and, in many cases (such as with binaries), some of its characteristics.
  • String Search
    • strings - Extracts strings (ASCII / Unicode) from binary files.
  • Pattern Search
    • Universal Pattern Searcher - Looks for common patterns in different datasets.
    • Worminator - Win32 tool for easing/automating the process of creating IDS/IPS signatures for SMTP-based worms, providing a comfortable GUI, including support for raw base64 variants and Snort signatures.

Linux Specific

  • objdump - Extracts information from object files.
  • readelf - Extracts information from ELF files.

Windows Specific


Copyright © 2000-2008 Jessland - Jess Garcia's Website - All rights reserved.