Wednesday, June 22, 2011

Simple Malware Analysis with a Tool

The tool introduced today is: Malware Analyser 3.1 - Download from Here
This is a free malware analysis tool that performs static and dynamic analysis, supports the Windows platform, and is very easy to get started with.

Malware Analyser 3.1 features:

1. String-based analysis for registry, API calls, IRC commands, DLLs called and VM-awareness.
2. Display detailed headers of the PE with all its section details, import and export symbols, etc.
3. On Linux distros, can perform an ASCII dump of the PE along with other options (check the --help argument).
4. For Windows, it can generate the various sections of a PE: DOS Header, DOS Stub, PE File Header, Image Optional Header, Section Table, Data Directories, Sections.
5. ASCII dump on a Windows machine.
6. Code analysis (disassembling).
7. Online malware checking (www.virustotal.com) - it automatically submits the MD5 to VirusTotal for comparison.
8. Check for packers from the database.
9. Tracer functionality: can be used to identify anti-debugging call tricks, file system manipulation calls, rootkit hooks, keyboard hooks, DEP setting changes, and network identification traces.
10. Signature creation: allows creating a signature for the malware.
11. Batch mode scan to scan all DLLs and EXEs in directories and sub-directories.
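As an added illustration of what features 1, 4, 7 and 8 do under the hood (this is example code written for this post, not Malware Analyser's own code), the script below parses the DOS header, PE file header and section table, extracts printable strings and matches them against an indicator list, checks section names against a stand-in packer table, and computes the MD5 that feature 7 would submit to VirusTotal. The in-memory sample PE, the indicator list and the packer table are all constructed here; the tool's real databases are not on the page.

```python
import hashlib
import re
import struct

# Constructed sample: a minimal one-section PE image built in memory so the
# triage below runs offline. It is not a real program and not a malware sample.
def build_sample_pe() -> bytes:
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE signature at offset 64
    body = b"\0HKEY_LOCAL_MACHINE\\Software\0VirtualAlloc\0VMware\0ab\0"
    opt = bytes(0xE0)  # PE32 optional header, zeroed (not needed for this demo)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x0102)
    raw_ptr = 64 + len(coff) + len(opt) + 40  # section data follows the section table
    sect = struct.pack("<8sIIIIIIHHI", b"UPX0", len(body), 0x1000, len(body),
                       raw_ptr, 0, 0, 0, 0, 0xE0000020)
    return bytes(dos) + coff + opt + sect + body

# Hypothetical indicator and packer tables standing in for the tool's databases.
SUSPICIOUS = {"registry": ["HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER"],
              "api": ["VirtualAlloc", "WriteProcessMemory", "CreateRemoteThread"],
              "vm-aware": ["VMware", "VBOX"]}
PACKER_SECTIONS = {"UPX0": "UPX", "UPX1": "UPX"}

def parse_pe(data: bytes) -> dict:
    # Walk DOS header -> PE signature -> COFF file header -> section table.
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size  # 4-byte signature + 20-byte COFF header + optional header
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_address": vaddr,
                         "raw_size": rsize, "raw_ptr": rptr})
    return {"machine": machine, "characteristics": chars, "sections": sections}

def extract_strings(data: bytes, min_len: int = 4) -> list:
    # Printable-ASCII runs: the input to the tool's string-based analysis.
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def triage(data: bytes) -> dict:
    pe = parse_pe(data)
    strings = extract_strings(data)
    hits = {c: [s for s in strings if any(i in s for i in inds)] for c, inds in SUSPICIOUS.items()}
    packers = sorted({PACKER_SECTIONS[s["name"]] for s in pe["sections"] if s["name"] in PACKER_SECTIONS})
    return {"md5": hashlib.md5(data).hexdigest(), "pe": pe, "indicators": hits, "packers": packers}
```

Run `triage(open("sample.exe", "rb").read())` on a real file to get the same dictionary; the MD5 is computed locally and nothing is uploaded.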

Usage:
command:
run sample.exe
run gh0st.exe

run sample.exe > malware.txt  ( saving the log of the analysis to a file makes it easier to interpret )

Note: the tool is only an aid and does not give a 100% detection rate. For special samples that have been tailored to bypass both signature matching and dynamic analysis ( FUD, "fully undetectable" ), common analysis tools basically cannot detect them!