Tools

Some most used tools are

FLARE-VM/REMnux Tool List

• FLARE-VM

  • strings/FLOSS: https://github.com/mandiant/flare-floss

  • PEView: http://wjradburn.com/software/

  • upx (not used but referenced): https://upx.github.io/

  • PEStudio: https://www.winitor.com/download

  • Capa: https://github.com/mandiant/capa

  • Wireshark: https://www.wireshark.org/

  • Sysinternals (Procmon, TCPView): https://learn.microsoft.com/en-us/sysinternals/downloads/

  • nc/ncat: https://nmap.org/download

  • Cutter: https://github.com/rizinorg/cutter

  • x32/x64dbg: https://x64dbg.com/

  • Process Hacker 2 (now known as System Informer): https://systeminformer.sourceforge.io/

  • scdbg: https://github.com/dzzie/SCDBG

  • dnSpy/dnSpyEx: https://github.com/dnSpyEx/dnSpy

  • PEBear: https://hshrzd.wordpress.com/pe-bear/

  • YARA: https://github.com/VirusTotal/yara

• REMnux

  • base64 (built in Linux bin)

  • OLEdump: https://github.com/DidierStevens/DidierStevensSuite/blob/master/oledump.py

  • MobSF (Docker Container): https://github.com/MobSF/Mobile-Security-Framework-MobSF | https://hub.docker.com/r/opensecurity/mobile-security-framework-mobsf/

  • INetSim: https://www.inetsim.org/

  • wrestool is good tool to extract embedded PE files in windows executables.

  wrestool ./Ransowae.wannacry.exe.malz 
  wrestool -x -R --name=1 -o dump2 ./Ransomware.wannacry.exe.malz