STATIC MALWARE ANALYSIS TOOLS

Static malware analysis tools analyze a file or malware sample without executing it.

The main objectives of STATIC MALWARE ANALYSIS are the following:

  • Scanning the file to compute its file hash
  • Identifying whether the file is packed and identifying the file format
  • Analyzing the file’s header
  • Identifying malicious strings embedded in the file
  • Finding imports and exports used in the file

Below, you will find some of the most used tools for STATIC MALWARE ANALYSIS.

Readpe

readpe download | SourceForge.net

Readpe (also known as pev) is a set of toolkits used to work with PE (Portable Executable) binaries. The main goal of the toolkit is to provide feature-rich tools for properly analyzing binaries, with a strong focus on suspicious ones.

Strings

Strings is a command-line tool used for extracting strings from binary data (the tool is available for Windows and Linux). 

The newer version of the command is Strings2: strings2: an improved string extraction tool from binary (split-code.com)

FLARE-FLOSS

GitHub – mandiant/flare-floss: FLARE Obfuscated String Solver – Automatically extract obfuscated strings from malware.

The FLARE Obfuscated String Solver (FLOSS, formerly FireEye Labs Obfuscated String Solver) uses advanced static analysis techniques to automatically de-obfuscate strings from malware binaries. You can use it just like strings.exe to enhance the basic static analysis of unknown binaries.

BinText

McAfee-Tools/bintext303.zip at master · mfput/McAfee-Tools · GitHub

The tool is used to extract text from files, finding plain ASCII text, Unicode text and strings.

DIE (Detect It Easy)

NTInfo | .:NTInfo:. (horsicq.github.io)

The tool is used for determining file types. DIE exists in three versions: the basic version (“die”), the Lite version (“diel”) and the console version (“diec”).

Peframe

GitHub – guelfoweb/peframe: PEframe is a open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.

Peframe is an open-source tool used to perform static analysis on Portable Executable malware and generic suspicious files. It can help malware researchers detect packers, XOR, digital signatures, mutexes, anti-debug and anti-virtual-machine tricks, suspicious sections and functions, macros and much more information about suspicious files.

PEiD

PEiD – aldeid

An open-source detection tool that detects the packers, cryptors, and compilers used in PE files.

PeStudio

Winitor

The tool is very useful for static analysis; it is used to find the following information:

  • File signature
  • Imports and exports
  • URLs and IP addresses
  • VirusTotal score
  • Strings embedded in the files

Dependency walker

Dependency Walker (depends.exe) Home Page

The tool is used to identify the modules, imports, exports and dependencies of the file.

There are many other tools that you can use to perform Static Malware Analysis.

Static Malware Analysis makes it possible to analyze malware in a less secure environment, since the sample is never executed and so cannot impact that environment. However, it is always better to analyze malware in a more secure environment, such as a sandbox or a VM set up specially for that purpose. Static Malware Analysis is very important because it gives you more information about the malware, so it is always good practice to start analyzing a malware sample statically before you go further.