Malware Analyzer是一个开放源代码的恶意软件分析工具,它具有如下功能:
String based analysis for registry, API calls, IRC Commands, DLL’s called and VMAware.
Display detailed headers of PE with all its section details, import and export symbols etc.
On distros, can perform an ASCII dump of the PE along with other options (check –help argument).
For windows , it can generate various section of a PE : DOS Header, DOS Stub, PE File Header, Image Optional Header, Section Table, Data Directories, Sections
ASCII dump on windows machine.
Code Analysis (disassembling)
Online malware checking (www.virustotal.com )
Check for Packer from the Database.
Tracer functionality: Can be used to identify
Anti-debugging Calls tricks, File system manipulations Calls Rootkit Hooks, Keyboard Hooks, DEP Setting Change, Network Identification traces.
Signature Creation: Allows to create signature of malware.
目前Malware Analyzer更新至3.0版,新版主要改变如下:
Added Banking Trojan Traces
Added Dynamic Registry Analysis
Process listing displays loaded modules information for all processes
Improved Traces signatures