ssdeep – is a tool used for Fuzzy Hashing, which is a type of hashing that employs Context-Triggered Piecewise Hashing (CTPH). Essentially, this tool is utilized to compare files that are similar but not identical.
Using ssdeep, it is possible to classify various malware samples, and if any similarities are detected, the tool can identify the malware family to which the sample belongs.
UPX is a famous tool that is used to pack and unpack a PE file and used by both benign and malicious software for their own gain.
HashMyFiles by Nirsoft is a small utility that allows you to calculate the MD5 and SHA1 hashes of one or more files in your system. You can easily copy the MD5/SHA1 hashes list into the clipboard, or save them into text/html/xml file.
HashMyFiles can also be launched from the context menu of Windows Explorer, and display the MD5/SHA1 hashes of the selected file or folder.
Strings is a malware static analysis tool for extracting ascii and unicode strings from a file. This can reveal valuable information such as URL, IP Aaddress and functions used.
In this topic we will discuss command prompt base strings analysis in Windows Architecture.
Strings is a malware static analysis tool for extracting ascii and unicode strings from a file. This can reveal valuable information such as URL, IP Aaddress and functions used.
In this topic we will discuss cli base strings analysis in Linux Architecture.
Trid a static analysis tool in windows and is a file like tool from linux, this detects the file type of a PE file that helps the analyst to prepare the environment for further analysis and runs by executing it inside the cmd prompt.
Note: Trid will look for a file called “triddefs.trd” in order to execute, make sure you place it in the same directory together.
PeView is a static analysis tool that can be used to extract information about the PE header of an executable, specially the modules and the entry point.
PEStudio is a famous tool for static analysis it gives the analyst an all in one view with just a single drop of a PE sample. It also use Virustotal API to detect if sample was then submitted by other analyst from the community it then helps for faster analysis.
PEiD is a static analysis tool that can scan the PE file for signatures and detect possible packers, it also detects the compiler used by the sample.
ExeInfo is a static analysis tool that can help the analyst check the PE file’s signatures, sections and detect the presence of a packer.
⚠️ YOU ARE TRYING TO DOWNLOAD A FILE THAT CONTAINS MALICIOUS EXECUTABLE ⚠️
eyehatemalwares is “PAY WHAT YOU CAN” project.
The zip file associated with this lab is password protected.
For hands-on experience, click the “Donate” button and you will be redirected to eyehatemalwares Paypal donation homepage or scan the QR Code below.
Click the “Download” button again to download the lab zip file.
After successful donation, email us the zip file name and the Paypal transaction details for the password.
Thank you for helping us build this community!
We will make sure that your donation will be use to bring more value to the community.
Contact us: About
– EHM Team