
Re[2]: Analize Virus

To: pen-test@securityfocus.com
Subject: Re[2]: Analize Virus
From: Rafa Richart <Rafa@ontinet.com>
Date: Fri, 3 Aug 2007 13:59:52 +0200
Organization: Ontinet.com (Dpto. Tecnico)
Thanks very much to all the people who have answered my question; now I have 
a lot of information.


Best regards

On Thursday, 02 August 2007
at 17:39, you wrote:

AS> My $.02

AS> For static or code analysis, I use IDA Pro or OllyDbg as well as good
AS> old 'strings' and 'objdump'; I've also been starting to play with PE
AS> Explorer lately.

AS> For dynamic studies, I'll run wireshark on my host system and use a
AS> combo of Winalysis, Process Explorer, filemon, and fport. Lately, I've
AS> been kicking SysAnalyzer around a bit.

AS> Keep in mind, more and more malware is becoming VMware aware, so a
AS> hardware solution such as a CoreRestore card might be a good
AS> investment.

AS> In general:

AS> Behavioral Analysis:
AS> Wireshark
AS> Process Monitor
AS> Process Explorer
AS> FileMon
AS> RegMon
AS> TCPView
AS> Winalysis
AS> SysAnalyzer
AS> Snort
AS> tcpdump

AS> Static Analysis:
AS> AV Scanners
AS> IDA Pro
AS> Ollydbg
AS> strings
AS> Various unpackers
AS> PE Explorer
AS> LordPE
AS> Google

AS> HTH



AS> On 7/31/07, Rafa Richart <Rafa@ontinet.com> wrote:

>> Hi Pals,

>> We're looking for some tools to analyze malware behaviour. We have a lab 
>> under construction, but we need some advice on what tools we have to use: 
>> tools to see what has been changing in the registry, connection state, etc.

>> Any help is welcome.

>> Thanks in advance

>> Rafa

-- 
Regards,
Technical Department
Ontinet.com, S.L.
http://www.protegerse.com
----------------------------------------------------------------------------
Security news, virus data, alerts, hoaxes
Visit our Encyclopedia: http://www.enciclopediavirus.com
----------------------------------------------------------------------------

***
Message written with The Bat! version 3.95.8
Dated Friday, 03 August 2007 at 13:55


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------