Malware Analysis Resources
This page inventories best practices, tools and documents which the Malware Analysis SIG identified and finds useful in its work. If you are aware of other helpful resources, please do submit them to ma-sig@first.org for consideration.
Best Practices
Analysis and detection techniques
Malware Analysis Books
- Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
By Michael Sikorski, Andrew Honig
ISBN: 978-1593272906
- Malware Analyst’s Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
By Michael Ligh, Steven Adair, Blake Hartstein, Matthew Richard
ISBN: 978-0470613030
- Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation
By Bruce Dang, Alexandre Gazet, Elias Bachaalany, Sebastien Josse
ISBN: 978-1118787311
- The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux and Mac Memory
By Michael Hale Ligh, Andrew Case
ISBN: 978-1118787311
- The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler
By Chris Eagle
ISBN: 978-1593272890
- Reversing: Secrets of Reverse Engineering
By Eldad Eilam
ISBN: 978-0764574818
- Windows Internals, 6th Edition, Parts 1 and 2
By Mark Russinovich, David Solomon, Alex Ionescu
ISBN: 978-0735648739
ISBN: 978-0735665873
- Crimeware: Understanding New Attacks and Defenses
By Markus Jakobsson and Zulfikar Ramzan
ISBN-10: 0321501950
ISBN-13: 978-0321501950
- The Art of Computer Virus Research and Defense
By Péter
ISBN-10: 0321304543
ISBN-13: 978-0321304544
- The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System 2nd Edition
By Bill Blunden
ISBN-10: 144962636X
ISBN-13: 978-1449626365
- Rootkits: Subverting the Windows Kernel
By Greg Hoglund and James Butler
ISBN-10: 0321294319
ISBN-13: 978-0321294319
- Reverse Engineering Code with IDA Pro
By Justin Ferguson and Dan Kaminsky
ISBN-10: 159749237X
ISBN-13: 978-1597492379
- Rootkits, Spyware/Adware, Keyloggers and Backdoors: Detection and Neutralization
By Oleg Zaytsev
ISBN-10: 1931769591
ISBN-13: 978-1931769594
- Professional Rootkits
By Ric Vieler
ISBN-10: 0470101547
ISBN-13: 978-0470101544
Trainings and exercises
- Cuckoo Sandbox is a popular open-source sandbox to automate dynamic analysis.
- Limon is a sandbox for analyzing Linux malware.
- IDA Pro is an interactive disassembler and debugger that supports static analysis.
- A set of malware analysis tools:
  - procdot visualizes procmon and PCAP logfiles in a single graph
  - Minibis is a behavioral analysis automation framework
  - Densityscout aims to identify packed executables, based on Bytehist
- Viper is a binary analysis and management framework, which can help organize samples of malware.
- Radare is a disassembly framework supporting many different architectures.
- The Microsoft SysInternals Suite helps assess the state and changes of a Windows system.
- The BFK passive DNS Logger allows passive DNS queries on malicious domains.
- VirusTotal is a massive repository of malware, which allows investigations into samples, domains, detection rates and detection names, etc. VirusTotal Intelligence is a commercial product which provides deeper levels of access to this information.
- Deepviz: a powerful online sandbox.
- Reverse.it: a powerful online sandbox based on VxStream. The free version already offers a good level of customization, and it includes basic Android static analysis.
- Aleph: an Open-Source Malware Analysis System.