Setting Up Our Environment

Virtual environment

Hypervisor              Operating System
VirtualBox or VMware    Windows 10 (or Windows 7) VM, with Flare VM installed on top

  • Hypervisor - VirtualBox or VMware.

  • OS - Windows 7 or Windows 10 VM, 32- or 64-bit; 64-bit preferable, since a 64-bit guest can run both 32- and 64-bit samples.

    • Flare VM - Windows malware analysis distribution from Mandiant's FLARE team. It is an installer script rather than a ready-made image: you run it inside a freshly installed Windows VM and it pulls in the triage, reversing and dynamic-analysis tools we need, including the ones listed below.

Note: Ensure you disable Windows Update and Windows Defender on your analysis VM before installing Flare VM and before taking your clean snapshot. Defender will quarantine or delete samples and tools as soon as they land on disk, and Windows Update changes your baseline and can re-enable Defender. On Windows 10, turn off Tamper Protection first (Windows Security > Virus & threat protection settings); while it is on, real-time protection cannot be disabled from Group Policy or PowerShell.

Security Guidelines

  • Keep your hypervisor updated. Guest-to-host escapes are fixed in hypervisor releases, and the hypervisor is the only boundary between the sample and your host.

  • When executing malware ensure your network configuration is set to host-only (or an internal network), never bridged or NAT. If the sample needs to see network services, fake them from a second VM on the same internal network rather than giving it Internet access.

  • Do not plug any USB devices into the VM, and disable USB passthrough in the VM settings so nothing can be attached by accident.

  • Make sure you download compressed and password-protected samples (the conventional password is "infected") to avoid accidental execution and to stop the host's antivirus from deleting them.

  • Take snapshots! Snapshot the clean, fully tooled VM before the first sample, and revert to it after every detonation.

  • Do not store any valuable data on your analysis VM: no personal accounts, credentials, SSH keys or work files.

  • Disable shared folders, clipboard sharing and drag-and-drop before execution or analysis; all three give code in the guest a path to the host.
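The guidelines above can be applied and checked from the host's command line. The script below is an added example written for these notes, not something shipped with Flare VM or VirtualBox: it locks down a named VirtualBox VM with VBoxManage (host-only NIC, no clipboard, drag-and-drop, USB or shared folders, then a clean snapshot) and audits the result by parsing "VBoxManage showvminfo --machinereadable". The option names (--nic1 hostonly, --clipboard-mode, --draganddrop, --usb), the showvminfo key names (nic1, clipboard, draganddrop, usb, SharedFolderNameMachineMapping*, SnapshotName), the adapter name vboxnet0 and the snapshot name are assumptions taken from VirtualBox 6.1/7.x and should be confirmed on your version; the two showvminfo excerpts embedded for the self-test are constructed, not captured from a real VM. VMware users apply the same settings in the VM's settings dialog.

```shell
#!/usr/bin/env bash
# Added example for these notes (not Flare VM or VirtualBox code): isolate a
# VirtualBox analysis VM with VBoxManage, then audit the settings.
# Assumed: VirtualBox 6.1/7.x option and showvminfo key names; verify on yours.
set -eu

# Binary used to talk to VirtualBox. Set VBOXMANAGE=echo to print the commands
# instead of running them.
VBOXMANAGE="${VBOXMANAGE:-VBoxManage}"

# Print the value of one key from "showvminfo --machinereadable" text on stdin,
# e.g. the line nic1="hostonly" yields hostonly (numeric values are unquoted).
vminfo_value() {
    sed -n "s/^$1=\"\{0,1\}\([^\"]*\)\"\{0,1\}\$/\1/p"
}

# Names of every shared folder defined on the VM (nothing if there are none).
shared_folder_names() {
    "$VBOXMANAGE" showvminfo "$1" --machinereadable \
        | sed -n 's/^SharedFolderNameMachineMapping[0-9]*="\(.*\)"$/\1/p'
}

# Lock down one powered-off VM and take the clean baseline snapshot.
harden_vm() {
    vm="$1"
    adapter="${2:-vboxnet0}"   # assumed adapter name; see "VBoxManage list hostonlyifs"

    # Host-only: the guest reaches only the host's virtual adapter, never the LAN
    # or the Internet. Use "--nic1 intnet --intnet1 <name>" for a lab segment
    # shared with a second VM that fakes network services.
    "$VBOXMANAGE" modifyvm "$vm" --nic1 hostonly --hostonlyadapter1 "$adapter"

    # Guest Additions channels a sample could use to push data to the host.
    "$VBOXMANAGE" modifyvm "$vm" --clipboard-mode disabled --draganddrop disabled

    # No USB controller, so nothing plugged into the host is offered to the guest
    # (newer releases rename this flag; check "VBoxManage modifyvm --help").
    "$VBOXMANAGE" modifyvm "$vm" --usb off

    # Shared folders expose a host directory to whatever runs in the guest.
    shared_folder_names "$vm" | while IFS= read -r name; do
        "$VBOXMANAGE" sharedfolder remove "$vm" --name "$name"
    done

    # Known-good state to revert to after every detonation.
    "$VBOXMANAGE" snapshot "$vm" take "clean-baseline" --description "tools installed, no sample run"
}

# Audit "showvminfo --machinereadable" text from stdin against the guidelines.
# Prints one "FAIL ..." line per violation; returns 0 only when everything passes.
check_isolation() {
    info="$(cat)"
    rc=0
    nic="$(printf '%s\n' "$info" | vminfo_value nic1)"
    case "$nic" in
        hostonly|intnet|none) ;;
        *) echo "FAIL nic1=${nic:-missing} (want hostonly, intnet or none; nat and bridged reach the Internet)"; rc=1 ;;
    esac
    for key in clipboard draganddrop; do
        val="$(printf '%s\n' "$info" | vminfo_value "$key")"
        [ "$val" = "disabled" ] || { echo "FAIL $key=${val:-missing} (want disabled)"; rc=1; }
    done
    usb="$(printf '%s\n' "$info" | vminfo_value usb)"
    [ "$usb" = "off" ] || { echo "FAIL usb=${usb:-missing} (want off)"; rc=1; }
    if printf '%s\n' "$info" | grep -q '^SharedFolderNameMachineMapping'; then
        echo "FAIL shared folders still defined"; rc=1
    fi
    printf '%s\n' "$info" | grep -q '^SnapshotName' \
        || { echo "FAIL no snapshot to revert to"; rc=1; }
    return "$rc"
}

# Constructed showvminfo excerpts (not captured from a real VM) for a self-test.
ISOLATED_VM_INFO='name="flarevm"
nic1="hostonly"
hostonlyadapter1="vboxnet0"
clipboard="disabled"
draganddrop="disabled"
usb="off"
SnapshotName="clean-baseline"
CurrentSnapshotName="clean-baseline"'

LEAKY_VM_INFO='name="flarevm"
nic1="nat"
clipboard="bidirectional"
draganddrop="disabled"
usb="on"
SharedFolderNameMachineMapping1="samples"
SharedFolderPathMachineMapping1="/home/analyst/samples"'

# Usage: ./isolate_vm.sh <vm-name> [host-only-adapter]
# With no arguments the script only runs the self-test on the constructed samples.
if [ "$#" -gt 0 ]; then
    harden_vm "$@"
    "$VBOXMANAGE" showvminfo "$1" --machinereadable | check_isolation
else
    printf '%s\n' "$ISOLATED_VM_INFO" | check_isolation && echo "constructed isolated VM: PASS"
    printf '%s\n' "$LEAKY_VM_INFO" | check_isolation || echo "constructed leaky VM: FAIL as expected"
fi
```

Run it against a powered-off VM ("./isolate_vm.sh flarevm") after the tools are installed and before the first sample; the audit at the end is what to re-run whenever you change VM settings, since it catches a NIC quietly switched back to NAT or a shared folder re-added for convenience.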

Tools

  • HxD - Hex editor. Useful for inspecting raw bytes, magic numbers and data appended after the last section (the overlay).

  • Exeinfo PE - Retrieves the Windows PE header information. It also detects whether the executable has been packed, identifies the packer and its version, and suggests how to unpack it.

  • Pestudio - Static triage of a PE file without running it: imports, exports, strings, resources, version information and the indicators it flags as suspicious.

  • CFF Explorer - PE viewer and editor from NTCore's Explorer Suite, for walking the headers, sections, import and export directories and for rebuilding a dumped image.
