How to Analyze a Virus

Written By Unknown on Sunday, February 21, 2010 | 6:41 AM


Analyzing a virus usually requires tools that can take a sample apart in detail and quickly, both statically (what is in the file) and dynamically (what it does when run). Here are some tools you can use to analyze a virus:

1. Malcode Analyst Pack
(http://labs.idefense.com/software/download/?downloadID=8)
This pack from iDefense Labs consists of several small applications that help you analyze malcode.
Examples include ShellExt, socketTool, fakeDNS, Shellcode2Exe and so on.

2. Autoruns for Windows
(http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx)
This Sysinternals application enumerates the auto-start locations in Windows (Run keys, services, drivers, scheduled tasks, shell extensions and so on).
It shows you which programs are configured to run at system boot or at user login, which is where most viruses install their persistence.

3. RegMon for Windows
(http://technet.microsoft.com/en-us/sysinternals/bb896652.aspx)
This tool displays every application that accesses the registry on your system, and which keys and values it reads or writes.
Everything is displayed in real time. (RegMon has since been superseded by Sysinternals Process Monitor, which combines registry and file monitoring.)

4. Filemon for Windows
(http://technet.microsoft.com/en-us/sysinternals/bb896642.aspx)
This tool displays file system activity (opens, reads, writes, deletes) by every process in the operating system in real time, so you can see which files a sample drops or modifies. Like RegMon, it has since been superseded by Process Monitor.

5. Multipot (http://labs.idefense.com/software/download/?downloadID=9)
This application is a honeypot designed to collect samples of malicious code that spreads across the Internet, giving you material to analyze.

6. Process Explorer for Windows
(http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx)
This tool shows which DLLs a process has loaded and which handles it currently has open.
It displays the list of processes that are active at that moment, so you can spot a sample's process (or the one it injected into) and inspect it.

7. Resource Hacker (http://www.angusj.com/resourcehacker/)
A tool that can be used to view and change the resources (icons, dialogs, version info, embedded binaries) in Win32 executables and other resource files.

8. Rootkit Unhooker (http://www.antirootkit.com/software/RootKit-Unhooker.htm)
An application for detecting rootkits.
Some of the features offered include Ultimate Drivers Detection, Hidden Files Detection and so on.

9. SysAnalyzer (http://labs.idefense.com/software/download/?downloadID=15)
This tool runs a malcode sample and automatically monitors, at run time, what it does to the system and which processes it starts, by taking snapshots of the system state before and after execution.

10. PE Identifier (http://www.peid.info/)
This application is used to detect packers and cryptors on PE files.
It can detect more than 600 different signatures in PE files. Note that signature-based detection only recognizes packers it has signatures for; a custom or modified packer will not be identified.

11. VB Decompiler Lite (http://www.vb-decompiler.org/download.htm)
A decompiler for Visual Basic programs with the extension EXE, DLL and OCX.

12. MiTeC EXE Explorer (http://www.mitec.cz/exe.html)
This tool was created as an executable reader.
It reads and displays the properties and structure (headers, sections, imports, exports, resources) of the executable file being analyzed.
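As an added example (this is not code from the page or from any of the tools listed above), the Python script below does a small part of what PE Identifier (item 10) and MiTeC EXE Explorer (item 12) do: it parses the DOS header, PE signature, COFF header and section table of a PE file, then applies two common packer heuristics, well-known packer section names and high per-section entropy. The packer section-name list and the 7.0 bits-per-byte entropy threshold are illustrative assumptions, not PEiD's signature database. The two PE images it analyzes are constructed in memory so the script runs offline; replace `analyze(PACKED_SAMPLE)` with `analyze(open(path, "rb").read())` to run it on a real sample.

```python
"""Minimal PE section inspector with packer heuristics (added example)."""
import math
import struct

# Assumption: a short, illustrative list of section names packers leave behind.
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata",
                        ".petite", ".MPRESS1", ".MPRESS2", ".themida"}
ENTROPY_THRESHOLD = 7.0  # bits per byte; compressed/encrypted data approaches 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(image: bytes) -> dict:
    """Parse DOS header, PE signature, COFF header and section table.

    Raises ValueError on anything that is not a (minimally) well-formed PE.
    """
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if e_lfanew + 24 > len(image) or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", image, coff)
    sect_table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        off = sect_table + i * 40
        if off + 40 > len(image):
            raise ValueError("section table truncated")
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, off)
        raw = image[raw_ptr:raw_ptr + raw_size]  # bytes present on disk
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_address": vaddr, "virtual_size": vsize,
                         "raw_size": raw_size, "entropy": shannon_entropy(raw)})
    return {"machine": machine, "timestamp": timestamp,
            "characteristics": characteristics, "sections": sections}


def packer_indicators(info: dict) -> list:
    """Heuristic signs that the file is packed; an empty list means none found."""
    found = []
    for s in info["sections"]:
        if s["name"] in PACKER_SECTION_NAMES:
            found.append(f"section name {s['name']} matches a known packer")
        if s["entropy"] >= ENTROPY_THRESHOLD:
            found.append(f"section {s['name']} entropy {s['entropy']:.2f} looks compressed/encrypted")
        if s["virtual_size"] > 0 and s["raw_size"] == 0:
            found.append(f"section {s['name']} is empty on disk but {s['virtual_size']:#x} bytes in memory (unpack target)")
    return found


def analyze(image: bytes) -> dict:
    info = parse_pe(image)
    info["packer_indicators"] = packer_indicators(info)
    return info


def is_pe(image: bytes) -> bool:
    try:
        parse_pe(image)
        return True
    except ValueError:
        return False


def build_sample_pe(section_specs) -> bytes:
    """Construct a minimal PE32 image from (name, virtual_size, raw_bytes) tuples.

    Constructed test input only: it has headers and sections but no real code.
    """
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew -> PE header at 0x40
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic, rest left zero
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, len(opt), 0x0102)
    raw_ptr = 0x40 + 4 + 20 + len(opt) + 40 * len(section_specs)
    vaddr, table, blobs = 0x1000, bytearray(), bytearray()
    for name, vsize, raw in section_specs:
        table += struct.pack("<8sIIII", name.encode().ljust(8, b"\0"), vsize, vaddr,
                             len(raw), raw_ptr if raw else 0)
        table += bytes(16)                            # relocs/linenumbers/characteristics unused
        raw_ptr += len(raw)
        vaddr += max(vsize, 0x1000)
        blobs += raw
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(table) + bytes(blobs)


# Constructed samples: an ordinary-looking binary and a UPX-style packed one.
UNPACKED_SAMPLE = build_sample_pe([
    (".text", 0x1000, b"\x55\x8b\xec" + b"\x90" * 500 + b"\xc3"),
    (".data", 0x200, b"Hello from a benign program\0" * 20),
])
PACKED_SAMPLE = build_sample_pe([
    ("UPX0", 0x8000, b""),                       # empty on disk, filled by the stub
    ("UPX1", 0x2000, bytes(range(256)) * 16),    # uniform bytes: entropy exactly 8.0
])

if __name__ == "__main__":
    for label, img in (("unpacked", UNPACKED_SAMPLE), ("packed", PACKED_SAMPLE)):
        r = analyze(img)
        print(label, [(s["name"], round(s["entropy"], 2)) for s in r["sections"]], r["packer_indicators"])
```

The two heuristics fail in opposite directions, which is why a tool like PEiD carries hundreds of signatures and a reverser still checks by hand: a packer that renames its sections defeats the name check, while a legitimate binary that embeds compressed resources or a large random-looking table will push a section's entropy over the threshold.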
