Malware Static Analysis with UPX Packer
UPX is a widely used tool for packing and unpacking PE files, and both benign and malicious software use it for their own ends.
HashMyFiles by NirSoft is a small utility that calculates the MD5 and SHA1 hashes of one or more files on your system. You can copy the MD5/SHA1 hash list to the clipboard or save it as a text/HTML/XML file.
HashMyFiles can also be launched from the Windows Explorer context menu to display the MD5/SHA1 hashes of the selected file or folder.
Strings is a malware static analysis tool that extracts ASCII and Unicode strings from a file. This can reveal valuable information such as URLs, IP addresses and the functions used.
In this topic we will discuss command-prompt-based strings analysis on Windows.
In this topic we will discuss CLI-based strings analysis on Linux.
TriD is a static analysis tool for Windows, similar to the file utility on Linux: it detects the file type of a PE file, which helps the analyst prepare the environment for further analysis, and it runs from the command prompt.
Note: TriD looks for a definitions file called "triddefs.trd" in order to run; make sure it is placed in the same directory as the TriD executable.
PEview is a static analysis tool that can be used to extract information from the PE header of an executable, especially the modules and the entry point.
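As an added example (not code from the page or from any of the tools above), the following Python script reproduces the first triage steps these tools perform: it hashes the input like HashMyFiles, extracts ASCII and UTF-16LE strings like Strings, and flags the default section names UPX writes. The input is a constructed byte blob standing in for a sample file, not a real executable.

```python
import hashlib
import re

# Constructed stand-in for a sample: a UPX section-name marker, an ASCII URL
# and a UTF-16LE (Windows "unicode") path, surrounded by binary noise.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 8
    + b"UPX0\x00\x00\x00\x00UPX1\x00\x00\x00\x00"
    + b"\x01\x02\x03http://example.invalid/update\x00\x7f"
    + "C:\\Temp\\dropper.exe".encode("utf-16-le")
    + b"\x00\x00\xff\xfe"
)

def file_hashes(data: bytes) -> dict:
    """MD5 and SHA1 as HashMyFiles reports them, plus SHA-256 for sandbox lookups."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}

def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Runs of at least min_len printable chars, ASCII and UTF-16LE, like Strings."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    uni_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in uni_re.finditer(data)]
    return found

def upx_indicators(data: bytes) -> list:
    """Default UPX section names; a hit means unpacking comes before deeper analysis."""
    return [tag.decode() for tag in (b"UPX0", b"UPX1", b"UPX!") if tag in data]

def triage(data: bytes) -> dict:
    strings = extract_strings(data)
    return {
        "hashes": file_hashes(data),
        "upx": upx_indicators(data),
        "urls": [s for s in strings if s.startswith(("http://", "https://"))],
        "paths": [s for s in strings if re.match(r"^[A-Za-z]:\\", s)],
        "string_count": len(strings),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```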