tool for malware analysis

I usually run suspicious programs in virtual pc but what I realize is even if I had malware i wouldn't know the difference between a safe and bad program. So I'm wondering if there's a program that will analysis the suspicious software while its running or beforehand?

 

Not to sound too glib, but that's basically the description of an anti-virus application.

Blue

 

i use avira antivir but anti-virus'es aren't 100%

 

Hi,

maybe Anubis (short for Analyzing Unknown Binaries) is what you are looking for.

This is just a link to a example of its Analysis Report (Trojan.Win32.Agent.dkg - Kaspersky).
http://anubis.iseclab.org/?action=result&task_id=dc9bb8c1bd7075849d6aefff9d96c0d2&format=html

It offers a lot of informations and a Threat and Risk Rating.
Ikarus uses Anubis to analyze and preselect suspicious files.

Or try other online analyzers like Norman Sandbox or CWSandbox.

Cheers

 

For deep analysis, you could use a hips, configuring it to your liking or yes... an antivirus. Best of all is to use both.

 

You problably got the best answer from Subset AV + HIPS are not suitable for analysis usually (for detection yes, for analysis no), although Twister antivirus uses file analysis as part of its defense (an AV) and Primary response Safe Connect (an HIPS) also shows its anaylis of programs. Rootkit analysers like AVZ provide more usefull information than most AV's + HIPS

Cheers Kees

 

Thinking about that, AVZ or else is more suitable like Kees said.

 

This thread may be useful

 

I believe Mandiant has some free tools for malware analysis.

 

A new and quickly improving one is

http://camas.comodo.com/

It is completely online. Just upload and wait for analyzation. It is constantly updated for new features. It runs the file on their computers and checks exactly what changes it makes like deleting other files. When its done it tells you how suspicious it is.

 

Speaking of AVZ, does anyone know a SIMPLE way to provide Win 95/98/98 SE/ME AVZ's realtime and driver support?

 

Zero Wine Malware Analysis Tool is a tool I just discovered but didn't try yet.

From the documentation:

Credit: http://isc.sans.org/diary.html?storyid=5611