tool for malware analysis

Discussion in 'other anti-malware software' started by Incognito, Nov 8, 2008.

Thread Status:
Not open for further replies.
  1. Incognito

    Incognito Registered Member

    Joined:
    Jul 6, 2006
    Posts:
    32
    I usually run suspicious programs in Virtual PC, but what I realize is that even if I had malware I wouldn't know the difference between a safe and a bad program. So I'm wondering if there's a program that will analyze the suspicious software while it's running, or beforehand?
     
  2. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Not to sound too glib, but that's basically the description of an anti-virus application.

    Blue
     
  3. Incognito

    Incognito Registered Member

    Joined:
    Jul 6, 2006
    Posts:
    32
    I use Avira AntiVir, but anti-viruses aren't 100%.
     
  4. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Hi,

    maybe Anubis (short for Analyzing Unknown Binaries) is what you are looking for.

    This is just a link to an example of its Analysis Report (Trojan.Win32.Agent.dkg - Kaspersky).
    http://anubis.iseclab.org/?action=result&task_id=dc9bb8c1bd7075849d6aefff9d96c0d2&format=html

    It offers a lot of information and a Threat and Risk Rating.
    Ikarus uses Anubis to analyze and preselect suspicious files.

    Or try other online analyzers like Norman Sandbox or CWSandbox.

    Cheers
     
  5. Alcyon

    Alcyon Registered Member

    Joined:
    Jan 16, 2008
    Posts:
    438
    Location:
    Montréal, Canada
    For deep analysis, you could use a HIPS, configuring it to your liking, or yes... an antivirus. Best of all is to use both.
     
  6. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    You probably got the best answer from Subset :thumb: AV + HIPS are not suitable for analysis usually (for detection yes, for analysis no), although Twister Antivirus uses file analysis as part of its defense (an AV) and Primary Response Safe Connect (a HIPS) also shows its analysis of programs. Rootkit analysers like AVZ provide more useful information than most AVs + HIPS.

    Cheers Kees
     
    Last edited: Nov 9, 2008
  7. Alcyon

    Alcyon Registered Member

    Joined:
    Jan 16, 2008
    Posts:
    438
    Location:
    Montréal, Canada
    Thinking about that, AVZ or something similar is more suitable, like Kees said.
     
  8. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    This thread may be useful.
     
  9. illicit

    illicit Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    92
    I believe Mandiant has some free tools for malware analysis.
     
  10. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    A new and quickly improving one is

    http://camas.comodo.com/

    It is completely online. Just upload and wait for the analysis. It is constantly updated with new features. It runs the file on their computers and checks exactly what changes it makes, like deleting other files. When it's done it tells you how suspicious it is.
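    The kind of check described in the post above (run the file, record exactly which files it created, changed or deleted, then rate it) can be illustrated with a small before/after filesystem diff. This is an added example, not code from the thread or from CAMAS or any other service named in it; the "sample" it runs is a constructed, harmless Python function standing in for the uploaded executable, and the suspicion scale is an assumed, deliberately crude one.

```python
"""Minimal filesystem-change monitor of the kind an online sandbox uses to
report what a sample did.  Added example, not code from the thread or from
any sandbox service mentioned in it.  It snapshots a directory tree, runs a
callable against that tree, snapshots again and diffs the two states."""

import hashlib
import os
import tempfile
from pathlib import Path
from typing import Callable, Dict, List


def snapshot(root: Path) -> Dict[str, str]:
    """Map every file under root (relative path) to its SHA-256 digest,
    so that content changes are detected, not just name changes."""
    state: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            rel = str(full.relative_to(root))
            state[rel] = hashlib.sha256(full.read_bytes()).hexdigest()
    return state


def diff_snapshots(before: Dict[str, str], after: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify each path as created, deleted or modified between two snapshots."""
    created = sorted(set(after) - set(before))
    deleted = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return {"created": created, "deleted": deleted, "modified": modified}


def score(report: Dict[str, List[str]]) -> str:
    """Assumed rating scale: touching pre-existing files (deleting, then
    modifying) ranks above merely dropping new ones."""
    if report["deleted"]:
        return "high"
    if report["modified"]:
        return "medium"
    if report["created"]:
        return "low"
    return "none"


def run_in_sandbox(root: Path, sample: Callable[[Path], None]) -> dict:
    """Snapshot, run the sample against root, snapshot again, return the
    diff plus a suspicion rating.  A real sandbox would also watch the
    registry, processes and network; this example covers files only."""
    before = snapshot(root)
    sample(root)
    after = snapshot(root)
    report: dict = diff_snapshots(before, after)
    report["suspicion"] = score(report)
    return report


def constructed_sample(root: Path) -> None:
    """Constructed, harmless stand-in for an uploaded file: it drops one
    file, rewrites one and removes one, so the monitor has something to report."""
    (root / "dropped.dat").write_bytes(b"constructed placeholder content")
    (root / "config.ini").write_text("tampered=1\n")
    (root / "victim.txt").unlink()


def demo() -> dict:
    """Build a throwaway tree with three files, run the constructed sample
    in it and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "config.ini").write_text("original=1\n")
        (root / "victim.txt").write_text("keep me\n")
        (root / "untouched.log").write_text("nothing here\n")
        return run_in_sandbox(root, constructed_sample)


if __name__ == "__main__":
    print(demo())
```

    Running `demo()` reports `dropped.dat` as created, `config.ini` as modified, `victim.txt` as deleted, and `untouched.log` as unchanged, with the rating `high` because a pre-existing file was removed. Hashing rather than comparing timestamps is what catches a file that was rewritten in place with the same size.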
     
  11. dw2108

    dw2108 Registered Member

    Joined:
    Jan 24, 2006
    Posts:
    480
    Speaking of AVZ, does anyone know a SIMPLE way to provide Win 95/98/98 SE/ME AVZ's realtime and driver support?
     
  12. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Zero Wine Malware Analysis Tool is a tool I just discovered but haven't tried yet.

    From the documentation:
    Credit: http://isc.sans.org/diary.html?storyid=5611
     