Malware Forensics/Analysis Tools?
I am looking into different tools (commercial and freeware) that can assist in malware analysis, I have used NormanData and a collection of various tools monitoring malware in VMs to see what the code does regarding memory, registry keys, and filesystem manipluation, as well as some basic dissassemblers.
I'm not looking for commercial AV software as it does little in terms of showing what the malware is doing, and also can mostly only detect known/previously identified malware, not new malware. Likewsie submitting samples to AV vendors seldom results in them issuing detailed write ups of what the piece of malware was designed to do/does nor do they give full disclosure info that may assist in other areas of inevstigation.
Thanks & Regards,
Looks like you've pretty much got it covered…
Its also worth considering some of the decompilers out there, particularly as you'll find that Malware executables are often packed using UXP and such like.
Typical programs such as IDA Pro and PE Explorer are worth a shot….
I know this thread is a couple of months old now, and you may be well on your way with this, but thought i'd mention, there are some articles (currently 4 parts) on WindowSecurity.com which involves taking malware apart and analysing it.
Never did finish reading it myself actually, so that's a job for this weekend.