11 Best Malware Analysis Tools and Their Features
1. PeStudio

My first port of call for analyzing a Windows executable is always PeStudio. This is an excellent tool for conducting an initial triage of a malware sample and allows me to quickly pull out any suspicious artifacts. Once a binary has been loaded it will quickly provide the user with hashes of the malware and any detections found in VirusTotal.

A list of strings is also pulled; however, if the sample is packed this may not return any strong IOCs. Unpacking the sample and then reviewing the strings will often provide useful information such as malicious domains and IP addresses.

The screenshot above also shows the ‘entropy’ of the malware. This helps identify whether the malware is packed or not. When a sample is packed, this means the malware author has effectively put a layer of code around the malware in order to obfuscate its true functionality and prevent analysis of the malware. To assist with identifying packed malware PeStudio displays the le
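To show what the triage steps above actually compute, here is an added example (my own code, not part of PeStudio or of the original article) that reproduces the three checks on a byte buffer: file hashes, printable-string extraction with a URL/IP filter, and Shannon entropy as a packing heuristic. The two sample buffers are constructed in the script and are not real malware; the 7.0 bits-per-byte packing threshold is an assumption for illustration, not a value PeStudio publishes.

```python
"""Hypothetical first-pass triage helpers mirroring what PeStudio displays:
hashes, printable strings, network indicators, and Shannon entropy."""
import hashlib
import math
import re
from collections import Counter

URL_RE = re.compile(r"https?://[\w.\-/]+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the whole file, as shown in the triage view."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Runs of printable ASCII at least min_len long (same idea as `strings`)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def network_indicators(strings) -> dict:
    """Pull URLs and IPv4 literals out of the string list as candidate IOCs."""
    urls, ips = [], []
    for s in strings:
        urls += URL_RE.findall(s)
        ips += IPV4_RE.findall(s)
    return {"urls": sorted(set(urls)), "ips": sorted(set(ips))}


def triage(data: bytes, packed_threshold: float = 7.0) -> dict:
    """One-shot summary; packed_threshold is an assumed heuristic cut-off."""
    strings = extract_strings(data)
    entropy = shannon_entropy(data)
    return {
        **file_hashes(data),
        "entropy": round(entropy, 3),
        "likely_packed": entropy >= packed_threshold,
        "string_count": len(strings),
        "indicators": network_indicators(strings),
    }


# Constructed samples (not real malware). The "unpacked" one carries readable
# strings; the "packed" one is a deterministic SHA-256 counter stream, which
# behaves like compressed/encrypted content: high entropy, no usable IOCs.
def unpacked_sample() -> bytes:
    return (b"MZ" + b"\x00" * 62
            + b"This program cannot be run in DOS mode\x00" + b"\x00" * 200
            + b"http://update.example.invalid/config\x00" + b"\x00" * 50
            + b"198.51.100.23\x00" + b"\x00" * 300)


def packed_sample() -> bytes:
    out = b"MZ" + b"\x00" * 62
    for i in range(64):
        out += hashlib.sha256(i.to_bytes(4, "big")).digest()
    return out


if __name__ == "__main__":
    for label, blob in (("unpacked", unpacked_sample()), ("packed", packed_sample())):
        print(label, triage(blob))
```

Running the script shows the contrast the article describes: the unpacked buffer has low entropy and yields a domain and an IP address straight from its strings, while the packed buffer scores near 8 bits per byte and its string list contains only accidental printable runs, so the useful indicators would only appear after unpacking.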