Thursday, September 22, 2005

AT4RE FastScanner

AT4RE FastScanner is a packer, PE info, compiler and cryptor detector with plug-in capabilities. This tool works like other packer detectors and gives users an alternative to them.

An example of a PE file being analyzed, with all the basic information shown.

It shows the PE sections with all available offsets.

The built-in disassembler is another advantage, letting the user analyze the code and find useful instructions.

AT4RE FastScanner can be downloaded from:
Here

Wednesday, September 21, 2005

PROTECTiON iD

Another small tool with great features. When I downloaded the latest one, the interface had changed and may be a little confusing for users new to it, but again this great tool comes with special features.

Features

- detection of every major PC ISO Game / App protection
- sector scanning CDs / DVDs for Copy Protections
- covers more than 430 (different!) protections including exe protectors, .net protectors, packers, dongles, licenses & installers
- files / folders can simply be dragged & dropped into pid (link files will be resolved too)
- strong scanning routines allowing it to detect multiple protections in one file
- easy scanning via shell context menu
- useful misc tools included
- coded 100% in Win32 assembly language
- fully 32bit & 64bit compliant
- working on every Windows OS from Win9x to Windows Vista
- no additional files are required (like VB Runtimes, MSVC dlls or ASPI drivers)

PROTECTION ID can be downloaded from:
Here

Wednesday, September 14, 2005

Malware Analysis Tools

Most anti-virus developers have their own techniques and skills for getting rid of malware. Analysing captured malware is very important before deciding whether it is harmful or not. Anti-virus and security companies with a Malware Analyst role have their own useful tools for tracing malware-like behaviour. Well, here are some basic tools for Reverse Code Engineering. Click on each entry for details:

PE Editor/Memory Dump:
LordPE Deluxe
OllyDump

Explorer Suite (combines all the tools we need).

Packer/ID Detector:
TrID
PEiD
ExeInfo PE
Protection ID
AT4RE FastScanner
DiE (Detect it Easy)
RDG Packer Detector
Jim Clausing's Malware Packer Signatures
Neil's Collection of Packer Signatures
packerid.py (Python)

Sometimes one packer detector is not enough: no single detector can identify every packer, which is why signature scans are usually backed up by structural heuristics on the PE itself.
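The section table and offsets that AT4RE FastScanner displays (see the post above) and the point that no single signature-based detector catches every packer can both be illustrated with a small PE walker. The following is an added example, not code from this blog or from any of the tools listed here: it parses the DOS/NT headers and the IMAGE_SECTION_HEADER table with Python's standard library only, then applies three packer heuristics that work without any signature database (a section whose raw bytes have near-maximal entropy, a section with no raw data but a large virtual size, and an entry point that lies outside the usual code section). The two sample PEs are constructed in the block itself and are not real binaries; the `UPX0`/`UPX1` names only mimic the layout a typical packer leaves behind.

```python
"""Added example: walk a PE section table and apply packer heuristics.
Not code from the blog or any tool it lists; the sample PEs are constructed."""
import math
import struct
from typing import List, NamedTuple, Optional


class Section(NamedTuple):
    name: str
    virtual_address: int   # RVA where the section is mapped
    virtual_size: int
    raw_offset: int        # file offset of the section's bytes
    raw_size: int
    entropy: float         # Shannon entropy of the raw bytes, 0..8 bits/byte


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; compressed or encrypted data sits near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def _nt_header_offset(pe: bytes) -> int:
    """Validate the MZ stub and return e_lfanew, the offset of 'PE\\0\\0'."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return e_lfanew


def parse_sections(pe: bytes) -> List[Section]:
    """Read each 40-byte IMAGE_SECTION_HEADER that follows the optional header."""
    coff = _nt_header_offset(pe) + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]    # NumberOfSections
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]       # SizeOfOptionalHeader
    table = coff + 20 + size_opt
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", pe, table + i * 40)
        raw = pe[rptr:rptr + rsize] if rsize else b""
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"),
                                vaddr, vsize, rptr, rsize, shannon_entropy(raw)))
    return sections


def entry_point_rva(pe: bytes) -> int:
    """AddressOfEntryPoint is 16 bytes into the optional header (PE32 and PE32+)."""
    opt = _nt_header_offset(pe) + 24
    return struct.unpack_from("<I", pe, opt + 16)[0]


def section_for_rva(sections: List[Section], rva: int) -> Optional[Section]:
    for s in sections:
        if s.virtual_address <= rva < s.virtual_address + max(s.virtual_size, s.raw_size):
            return s
    return None


def packing_indicators(pe: bytes, entropy_threshold: float = 7.0) -> List[str]:
    """Structural heuristics that still fire when no packer signature matches."""
    sections = parse_sections(pe)
    findings = []
    for s in sections:
        if s.raw_size and s.entropy >= entropy_threshold:
            findings.append(f"high entropy {s.entropy:.2f} in {s.name!r}")
        if s.raw_size == 0 and s.virtual_size:
            findings.append(f"{s.name!r} has no raw data but {s.virtual_size:#x} bytes virtual (unpack target?)")
    ep = entry_point_rva(pe)
    ep_sec = section_for_rva(sections, ep)
    if ep_sec is None:
        findings.append(f"entry point {ep:#x} outside every section")
    elif ep_sec.name not in (".text", "CODE"):
        findings.append(f"entry point {ep:#x} in {ep_sec.name!r}, not a normal code section")
    return findings


def build_sample_pe(spec, entry_rva: int) -> bytes:
    """Constructed minimal PE32 (headers + sections only) for offline testing."""
    e_lfanew, size_opt = 0x40, 0xE0
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(spec), 0, 0, 0, size_opt, 0x0102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)      # AddressOfEntryPoint
    header_len = e_lfanew + 4 + 20 + size_opt + 40 * len(spec)
    raw_ptr = (header_len + 0x1FF) & ~0x1FF        # 512-byte file alignment
    table, body = b"", b""
    for name, vaddr, vsize, raw in spec:             # spec: (name, RVA, VirtualSize, raw bytes)
        ptr = raw_ptr + len(body) if raw else 0
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, vaddr,
                             len(raw), ptr, 0, 0, 0, 0, 0x60000020)
        body += raw
    head = dos + b"PE\0\0" + coff + bytes(opt) + table
    return head + b"\0" * (raw_ptr - len(head)) + body


# Constructed samples: a plain binary with a tiny low-entropy .text, and a
# packer-style layout (empty unpack target + high-entropy stub holding the EP).
BENIGN = build_sample_pe([(b".text", 0x1000, 0x100, b"\x90" * 64 + b"\xC3")], 0x1000)
PACKED = build_sample_pe([(b"UPX0", 0x1000, 0x5000, b""),
                          (b"UPX1", 0x6000, 0x1000, bytes(range(256)) * 16)], 0x6010)

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("packed", PACKED)):
        for s in parse_sections(sample):
            print(f"{label}: {s.name:8} RVA={s.virtual_address:#08x} raw@{s.raw_offset:#06x} "
                  f"size={s.raw_size:#06x} entropy={s.entropy:.2f}")
        print(f"{label}: indicators -> {packing_indicators(sample) or ['none']}")
```

Run it against a real file by replacing `BENIGN`/`PACKED` with `open(path, "rb").read()`. The entropy threshold of 7.0 is a common rule of thumb, not a hard boundary: legitimately compressed resources or embedded certificates also score high, so these indicators are a prompt to look closer (or to run a second detector, as the post suggests), not a verdict on their own.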

Disassembly/Debugger Tools:
OllyDebugger, OllyScript
Interactive Disassembler (IDA)

Resource Viewer:
PE Explorer
ResHacker

Process Monitor:
Sysinternals Process Explorer

File & Folder Watcher:
SpyMe Tools

Registry Snapshot:
RegShot

Network Tools:
Wireshark
Nmap
Snort

Honeypot:
HiHAT (Website)

Sandbox:
Sandboxie

Other Miscellaneous tools:
Sandboxie
VMWare
Microsoft Virtual PC

Online tools:
VirusTotal
ThreatExpert