SONI ALSON (+|||) KUMPULAN SOFTWARE KOMPUTER & SOFTWARE DDOS: Kumpulan Tools Analisa Malware/virus

Wednesday, February 5, 2014

Kumpulan Tools Analisa Malware/virus

Berikut ini saya berbagi tools lengkap dalam melakukan analisis malware.tools memang memudahkan kita dalam melakukan analisa malware,tapi ada baiknya sambil dipelajari lebih dalam lagi dan anda akan mengetahui seberapa "indahnya" malware itu dan mungkin sampai tahap pembuatan removalnya (bahkan sampai membuat tools untuk analisa sendiri yang tentunya bermanfaat bagi orang lain) =)

Virtualisasi
Dalam melakukan analisis, sebaiknya jangan dilakukan di sistem asli, berikut virtualisasi yang umum digunakan

VmWare - http://www.vmware.com/

VirtualBox - https://www.virtualbox.org/

SandBoxie - http://www.sandboxie.com/

Debugging

OllyDbg - http://www.ollydbg.de/

Immunity Debugger - http://immunityinc.com/products-immdbg.shtml

Windbg - http://msdn.microsoft.com/en-us/windows/hardware/gg463009

Pydbg - http://code.google.com/p/paimei/

Mendeteksi Rootkit
GMER - http://www.gmer.net/
Rootkit Revealer - http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

Assembly

MASM - http://www.masm32.com/

NASM - http://www.nasm.us/

WinAsm (IDE) - http://www.winasm.net/

Disassembly

IDA (5.0) - http://www.hex-rays.com/products/ida/support/download.shtml

IDAPython - http://code.google.com/p/idapython/

PE [portable Executable]

PEView - http://www.magma.ca/~wjr/

PEBrowse - http://www.smidgeonsoft.prohosting.com/pebrowse-pro-file-viewer.html

LordPE - http://www.woodmann.com/collaborative/tools/index.php/LordPE

ImpRec - http://www.woodmann.com/collaborative/tools/index.php/ImpREC

PEid - http://www.peid.info/

Analisa Process:

ProcMon - http://technet.microsoft.com/en-us/sysinternals/bb896645

Process Explorer - http://technet.microsoft.com/en-us/sysinternals/bb896653

Process Hacker - http://processhacker.sourceforge.net/

Jaringan

WireShark - http://www.wireshark.org/

TcpView - http://technet.microsoft.com/en-us/sysinternals/bb897437

Monitoring file dan registry

Regshot: http://sourceforge.net/projects/regshot/

Capturebat - http://www.honeynet.org/node/315

InstallWatchPro. - http://www.brothersoft.com/downloads/installwatch-pro-2.5c.html

FileMon - http://technet.microsoft.com/en-us/sysinternals/bb896642

Lainnya

CFFexplorer - http://www.ntcore.com/exsuite.php

Notepad++ - http://notepad-plus-plus.org/

Dependency walker - http://www.dependencywalker.com/

Sysinternal Tools - http://technet.microsoft.com/en-us/sysinternals/bb842062

Dev C++ - http://www.bloodshed.net/devcpp.html

Microsoft Visual C++ - http://www.microsoft.com/visualstudio/en-us/products/2010-editions/visual-cpp-express

VirusTotal - http://www.virustotal.com/
Anubis - http://anubis.iseclab.org/

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

//
var message = new Array() // leave this as is

message[0] = "Welcome to my Blogger !";
message[1] = "Selamat Datang di Blog saya !";
message[2] = "Terima Kasih Sudah Mengunjungi Blog Ini";
message[3] = "Semoga Berguna!!!";
message[4] = "Jangan Lupa Folow Blog Ini!!!";
message[5] = "Maaf Kalo Ada Salah Kata !!!";

var reps = 2

var speed = 200

var p=message.length;
var T="";
var C=0;
var mC=0;
var s=0;
var sT=null;
if(reps<1)reps=1;
function doTheThing(){
T=message[mC];
A();}
function A(){
s++
if(s>9){s=1}

if(s==1){document.title='[S====] '+T+' [====S]'}
if(s==2){document.title='[=O===] '+T+' [===O=]'}
if(s==3){document.title='[==N==] '+T+' [==N==]'}
if(s==4){document.title='[===Y=] '+T+' [=Y===]'}
if(s==5){document.title='[====A] '+T+' [A====]'}
if(s==6){document.title='[===L=] '+T+' [=L===]'}
if(s==7){document.title='[==S==] '+T+' [==S==]'}
if(s==8){document.title='[=O===] '+T+' [===O=]'}
if(s==9){document.title='[N====] '+T+' [====N]'}
if(C<(8*reps)){
sT=setTimeout("A()",speed);
C++
}else{
C=0;
s=0;
mC++
if(mC>p-1)mC=0;
sT=null;
doTheThing();}}
doTheThing();
//]]>