PeStudio

STATIC MALWARE ANALYSIS TOOLS

Static Malware analysis tools are used to analyze the file or malware without running it.

The mains objectives of the STATIC MALWARE ANALYSIS are the following:

  • Scanning the file to detect the file hash
  • Identify if the file is packed, identify the file format
  • Analyzing the file’s header
  • Identifying malicious strings embedded in the file
  • Finding imports and exports used in the file

Below, you will find one of the most used tools find STATIC MALWARE ANALYSIS.

Readpe

readpe download | SourceForge.net

Readpe (also known as pev) is a set of toolkits used to work with PE (Portable Executable) binaries. The main goal of the toolkit is to provide feature-rich tools for properly analyze binaries with a strong focus on suspicious ones.

Strings  

Strings is a command-line tool used for extracting strings from binary data (the tool is available for Windows and Linux). 

The newer version of the command is Strings2 strings2: an improved string extraction tool from from binary (split-code.com)

FLARE-FLOSS

GitHub - mandiant/flare-floss: FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

The FLARE Obfuscated String Solver (FLOSS, formerly FireEye Labs Obfuscated String Solver) uses advanced static analysis techniques to automatically de-obfuscate strings from malware binaries. You can use it just like strings.exe to enhance the basic static analysis of unknown binaries.

BinText

McAfee-Tools/bintext303.zip at master · mfput/McAfee-Tools · GitHub

The tool is used to extract text from files to find plain ASCII text, Unicode text and strings.

DIE or (Detect It Easy)

NTInfo | .:NTInfo:. (horsicq.github.io)

The tool is used for determining the types of files. DIE exists in three versions. Basic version ("die"), Lite version ("diel") and console version ("diec").

Peframe

GitHub - guelfoweb/peframe: PEframe is a open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.

Peframe is an open-source tool used to perform static analysis on Portable Executable malware and generic suspicious file. It can help malware researchers to detect packer, xor, digital signature, mutex, anti-debug, anti-virtual machine, suspicious sections and functions, macro and much more information about the suspicious files.

PEiD

PEiD - aldeid

An open-source detection tool that detects packers, cryptors, and compilers stored inside the PE files.

PeStudio

Winitor

The tool is very useful for the static analysis, the tool is used to find the following information:

  • File signature
  • Imports Exports
  • URL and IP addresses
  • Show Virus total score
  • Virus total scoring
  • Strings embedded in the files

Dependency walker

Dependency Walker (depends.exe) Home Page

The tool is use to identify the modules, imports, exports and dependencies of the file.

They are many others tools that you can use to perform Static Malware Analysis.

Static Malware Analysis can help to analyze the malware in a less secure environment without impacting it. However, it is always better to analyze the malware in a most secure environment like a sandbox or VM setup specially for that purpose. Static Malware Analysis is very important because it will give you more information about the malware so it is always a good practice to start the analysis of a malware statically before you go further.