Malware Analysis Toolkit for 2010

Back in 2008 I posted a list of the tools I use for doing malware analysis. The tools I use have changed over time, and rather than just talk about a couple of recent additions, I decided I'd put a current complete list up with links. This is by no means a comprehensive list of malware analysis tools, it's just what I like and use.

Platform

• VMWare Workstation
• The "vulnerable stuff:"
  
• Windows XP
  
• Internet Explorer 7/8
• Firefox
• Acrobat Reader
• Flash Player

General Tools

• Cygwin
• Perl
• Python
  
• Hex Editor Neo
• HashCalc
• IZArc
  

Analysis Tools

• SysAnalyzer / iDEFENSE MAP
  
• GMER / catchme
  
• Multipot
  
• OSAM
• HijackThis
• Startup Control Panel
• HookExplorer
• Sysinternals Suite
• ProcL
• sniff_hit
• Wireshark (run on "Host OS" outside VM)
  

Binary Tools

• Mandiant Red Curtain
• OllyDbg 1.10
  
• Various OllyDbg plugins
  
• PEiD
• RDG Packer Detector
• pefile / packerid.py
  
• ImportREC

JavaScript & HTTP Tools

• SpiderMonkey (Didier Stevens mod)
• ieget.sh script
• crap2shellcode.pl
• Console2 Firefox plugin
• NoScript Firefox plugin
  

PDF & Flash Tools

• pdf-parser.py
• pdftk
  
• SWFTools
• Sothink SWF Decompiler

Web Sites as Tools

• Wepawet
• VirusTotal
• CWSandbox
• Comodo Instant Malware Analysis
• Malware Database
  
• MalwareURL