hosted by
tim layton

resources for cybersecurity researchers and malware reverse engineering for x86 windows systems

misc. tools & packages
behavioral analysis
code analysis
Visual C++ 2008 Redistributable Pkg x86
process monitor - monitoring tool for Windows that shows real-time file system, Registry and process/thread activity.
OllyDbg - a 32-bit assembler level analysing debugger for Microsoft® Windows®. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable.

process explorer - shows you information about which handles and DLLs processes have opened or loaded.
IDA Pro Freeware - Hex-Rays continues to develop and support the IDA disassembler. This famous software analysis tool is a de-facto standard in the software security industry.
VMware - all platforms - commercial product

capturebat - a behavioral analysis tool of applications for the Win32 operating system family. Capture BAT is able to monitor the state of a system during the execution of applications and processing of documents, which provides an analyst with insights on how the software operates even if no source code is available. Capture BAT monitors state changes on a low kernel level and can easily be used across various Win32 operating system versions and configurations.
lordPE - a tool e.g. for system programmers which is able to edit/view many parts of PE (Portable Executable) files, dump them from memory, optimize them, validate, analyze, edit, etc.
virtualbox - (free) - a powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use.

wireshark - the world's foremost network protocol analyzer. It lets you see what's happening on your network at a microscopic level.
ollyDump - Dump debuggee process memory and Rebuild IAT.
RCE tools library - community place to share malware analysis tools

tcpdump & libpcap - a powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture.

Programming - C, Assembly

regshot - open-source (LGPL) registry compare utility that allows you to quickly take a snapshot of your registry and then compare it with a second one.

online analysis tools - anubis - threat expert - document analyzer - malwr - xecscan - xandora - comodo - valkyrie - link scanner by AVG - norton safeweb - f-secure

autoruns - has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them.

Understand where a sandbox fits into malware analysis - article

process hacker - (alternative to process monitor) - a detailed overview of system activity with highlighting.

smart sniff - a network monitoring utility that allows you to capture TCP/IP packets that pass through your network adapter, and view the captured data as a sequence of conversations between clients and servers.

GNU - GNU is a Unix-like operating system that is free software—it respects your freedom. You can install versions of GNU (more precisely, GNU/Linux systems) which are entirely free software.

iNetSim - a software suite for simulating common internet services in a lab environment, e.g. for analyzing the network behaviour of unknown malware samples.

Ubuntu - Fast, free and incredibly easy to use, the Ubuntu operating system powers millions of desktop PCs, laptops and servers around the world.

old iDefense software (MAP - malware analyst pack) - I use fakedns and mailPot