ssdeep – is a tool used for Fuzzy Hashing, which is a type of hashing that employs Context-Triggered Piecewise Hashing (CTPH). Essentially, this tool is utilized to compare files that are similar but not identical.
Using ssdeep, it is possible to classify various malware samples, and if any similarities are detected, the tool can identify the malware family to which the sample belongs.
UPX is a famous tool that is used to pack and unpack a PE file and used by both benign and malicious software for their own gain.
HashMyFiles by Nirsoft is a small utility that allows you to calculate the MD5 and SHA1 hashes of one or more files in your system. You can easily copy the MD5/SHA1 hashes list into the clipboard, or save them into text/html/xml file.
HashMyFiles can also be launched from the context menu of Windows Explorer, and display the MD5/SHA1 hashes of the selected file or folder.
Strings is a malware static analysis tool for extracting ascii and unicode strings from a file. This can reveal valuable information such as URL, IP Aaddress and functions used.
In this topic we will discuss command prompt base strings analysis in Windows Architecture.
Strings is a malware static analysis tool for extracting ascii and unicode strings from a file. This can reveal valuable information such as URL, IP Aaddress and functions used.
In this topic we will discuss cli base strings analysis in Linux Architecture.
Trid a static analysis tool in windows and is a file like tool from linux, this detects the file type of a PE file that helps the analyst to prepare the environment for further analysis and runs by executing it inside the cmd prompt.
Note: Trid will look for a file called “triddefs.trd” in order to execute, make sure you place it in the same directory together.