This list is a ToDo list to build a comfortable victim Windows machine to be infected by malware for behavioral analysis & reverse engineering, consists of some software recommendations and tips to make the analysis easy.
Windows XP is for 32bit analysis.
Windows 10 is for 64bit analysis.
Some softwares are not producing 32bit version anymore. You will need to install specific version which still produces 32bit version, in case you are working on 32bit analysis.
-
- VMware Tools (If you are using VMware)
- Process Monitor
- For Windows XP: Version v3.1
- For Windows 10: LATEST
- Process Explorer
- For Windows XP: Version 16.02
- For Windows 10: LATEST
- Autoruns
- Regshot
- Process Hacker
- API Monitor
- For Windows XP: API Monitor x32
- For Windows 10: API Monitor x64
- What's Running
- SysInspector
-
- Fiddler
- TcpLogView
-
- Notepad++
- HxD
- Resource Hacker
- CFF Explorer (Included in NTCore's Explorer Suit)
-
- IDA
- For Windows XP: IDA Pro Free v5.0
- For Windows 10: IDA Pro Free LATEST
- OllyDbg 1.10 (final version)
- x64dbg
- For Windows XP: x32dbg
- For Windows 10: x64dbg
- LoadPE
- IDA
-
- Exeinfo PE (Alternative to PEiD)
- BinText
- Detect It Easy
- Bytehist
- XORSearch [Binary]
- md5sum [Binary]
- ONLY for Windows XP
- Windows 10 can calculate HASH with buit-in PowerShell
-
- PeStudio
- Noriben
-
- UPX [Binary]
This is some tips to make your analysis easy...
-
- Administrator Command Prompt
- For Windows XP: %SystemRoot%\system32\cmd.exe
- For Windows 10: %windir%\system32\cmd.exe
- "hosts" file
- For Windows XP: %SystemRoot%\system32\drivers\etc\hosts
- For Windows 10: %windir%\system32\drivers\etc\hosts
- Internet Explore
- Administrator Command Prompt
-
- Disable ”Hide filename extension”
- Show hidden files
- Show system files
- Disable Screen Saver
- Disable Screen Lock