Setting Up Our Environment
Virtual environment
| Hypervisor | Operating System |
|---|---|
| VirtualBox or VMware | Windows 10 or Flare VM |
Hypervisor - VirtualBox or VMware
OS - Windows 7 VM, 32- or 64-bit (64-bit preferable).
Flare VM - a Windows malware analysis distribution that comes prepackaged with all the tools we need for malware analysis.
Note: Ensure you disable Windows Update and Windows Defender on your analysis VM.
Security Guidelines
Keep your Hypervisor updated.
When executing malware, ensure your network configuration is set to host-only.
Do not plug any USB devices into the VM.
Make sure you download compressed and password-protected samples to avoid accidental execution.
Take snapshots!
Do not store any valuable data on your analysis VM.
Disable shared folders before execution or analysis.
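The host-only networking, shared-folder and snapshot guidelines above, turned into a pre-execution check for a VirtualBox host. This is an added example, not part of the original page; it assumes VBoxManage on the host, a hypothetical VM named "lab-win7", and a host-only adapter named "vboxnet0" (the Linux/macOS name; Windows hosts use "VirtualBox Host-Only Ethernet Adapter"). The sample VM info below is constructed so the checks run offline.

```shell
# Added example (not from the original page). Assumes VBoxManage on PATH, a VM named
# "lab-win7" (hypothetical) and a host-only adapter "vboxnet0" (Linux/macOS naming).

# Constructed excerpts of "VBoxManage showvminfo <vm> --machinereadable" output.
SAMPLE_UNSAFE='nic1="nat"
nic2="none"
SharedFolderNameMachineMapping1="samples"
SharedFolderPathMachineMapping1="/home/analyst/samples"'
SAMPLE_SAFE='nic1="hostonly"
hostonlyadapter1="vboxnet0"
nic2="none"'

# Return 0 only if every NIC is host-only or disabled and no shared folder is mapped.
vm_is_isolated() {
    printf '%s\n' "$1" | awk -F= '
        /^nic[0-9]+=/ { gsub(/"/, "", $2); if ($2 != "hostonly" && $2 != "none") bad++ }
        /^SharedFolderNameMachineMapping[0-9]+=/ { bad++ }
        END { exit (bad > 0) }'
}

# Emit one "sharedfolder remove" per share listed in the VM info (disable shared folders).
sharedfolder_remove_cmds() {
    printf '%s\n' "$2" | awk -F= -v vm="$1" '
        /^SharedFolderNameMachineMapping[0-9]+=/ {
            gsub(/"/, "", $2)
            printf "VBoxManage sharedfolder remove \"%s\" --name \"%s\"\n", vm, $2 }'
}

# Emit the commands that force host-only networking and snapshot the clean state.
isolation_cmds() {
    vm="$1"
    echo "VBoxManage modifyvm \"$vm\" --nic1 hostonly --hostonlyadapter1 vboxnet0"
    for i in 2 3 4; do echo "VBoxManage modifyvm \"$vm\" --nic$i none"; done
    echo "VBoxManage snapshot \"$vm\" take \"clean-baseline\""
}

# Apply everything to a real (powered-off) VM, then refuse to proceed if it is still not isolated.
apply_isolation() {
    vm="$1"
    info=$(VBoxManage showvminfo "$vm" --machinereadable)
    { sharedfolder_remove_cmds "$vm" "$info"; isolation_cmds "$vm"; } | sh -e
    info=$(VBoxManage showvminfo "$vm" --machinereadable)
    vm_is_isolated "$info" || { echo "ERROR: $vm still has NAT/bridged NICs or shared folders" >&2; return 1; }
}

# Offline demonstration on the constructed samples (no VBoxManage needed).
vm_is_isolated "$SAMPLE_SAFE"   && echo "SAMPLE_SAFE: isolated"
vm_is_isolated "$SAMPLE_UNSAFE" || { echo "SAMPLE_UNSAFE: not isolated, would run:"; sharedfolder_remove_cmds lab-win7 "$SAMPLE_UNSAFE"; }
```

Run `apply_isolation lab-win7` on the host before the first sample is executed; it exits non-zero if any NAT or bridged NIC or shared folder survives.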
Tools
HxD - Hex Editor
Exeinfo PE - Retrieves the Windows PE header information. It also detects whether the executable has been packed, identifies the packer version, and suggests how to unpack it.
Pestudio
CFF Explorer