Executables
Reverse engineering, static, and dynamic analysis of executables
Website: http://www.rohitab.com/apimonitor
Description: Tool to monitor API calls by applications
Author: Rohitab Batra
License:
Version: v2r13
Notes:
Website: https://mcafee.com
Description: Finds ASCII, Unicode, and resource strings in a file
Author: McAfee
License: Free
Version: 3.03
Notes:
Website: https://github.com/mandiant/capa
Description: FLARE tool to identify capabilities in executables
Author: Mandiant
License: Apache License 2.0 (https://github.com/mandiant/capa/blob/master/LICENSE.txt)
Version: 4.0.1
Notes:
Website: https://github.com/rizinorg/cutter
Description: Reverse Engineering Platform powered by rizin
Author: Rizin Organization
License: GNU General Public License v3 (https://github.com/rizinorg/cutter/blob/dev/COPYING)
Version: 2.1.2
Notes:
Website: https://github.com/rocky/python-decompile3/
Description: Python3 bytecode decompiler
Author: Rocky R. Bernstein
License: GNU General Public License v3 (https://github.com/rocky/python-decompile3/blob/master/COPYING)
Version: 3.9.0
Notes:
Website: https://github.com/horsicq/DIE-engine
Description: Reverse Engineering Engine
Author: Hors (horsicq)
License: MIT License (https://github.com/horsicq/DIE-engine/blob/master/LICENSE)
Version: 3.06
Notes: Detect It Easy - DIE
Website: https://www.jetbrains.com
Description: .NET Decompiler and Assembly Browser
Author: JetBrains
License: EULA (https://www.jetbrains.com/legal/docs/toolbox/license_personal/)
Version: 2022.2.4
Notes:
Website: https://github.com/ExeinfoASL/ASL
Description: EXE, Packer, Compiler detection
Author: ExeinfoASL
License: None Listed
Version: 0.0.7.6
Notes:
Website: https://www.trellix.com
Description: Static file analysis tool
Author: McAfee / Trellix
License: Software Royalty-Free License (https://www.trellix.com/en-us/downloads/free-tools/terms-of-use.html)
Version: 3.0
Notes:
Website: https://github.com/mandiant/flare-floss
Description: Extract obfuscated strings from malware
Author: Mandiant
License: Apache License v2.0 (https://github.com/mandiant/flare-floss/blob/master/LICENSE.txt)
Version: 2.1.0
Notes:
Website: https://github.com/hasherezade/hollows_hunter
Description: Scans running processes for implants and dumps them if found
Author: hasherezade
License: BSD 2-Clause Simplified License (https://github.com/hasherezade/hollows_hunter/blob/master/LICENSE)
Version: 0.3.5
Notes:
Website: https://github.com/icsharpcode/ilspy
Description: .NET Decompiler
Author: ICSharpCode (https://github.com/orgs/icsharpcode/people)
License: MIT License (https://github.com/icsharpcode/ILSpy/blob/master/doc/ILSpyAboutPage.txt)
Version: 7.2.1.6856
Notes:
Website: https://magnetforensics.com
Description: Tool to dump a running process
Author: Magnet Forensics
License: EULA
Version: v13
Notes:
Website: https://malcat.fr
Description: Malware Analysis Tool
Author: Malcat EL
License: https://malcat.fr/index.html#faq6
Version: 0.9.0
Notes:
Website: https://github.com/hasherezade/mal_unpack
Description: Dynamic unpacker based on PE-sieve
Author: hasherezade
License: BSD 2-Clause Simplified License (https://github.com/hasherezade/mal_unpack/blob/master/LICENSE)
Version: 0.9.6
Notes:
Website: https://github.com/rurik/noriben
Description: Malware Analysis Sandbox based on Python
Author: Brian Baskin (Rurik)
License: Apache License v2 (https://github.com/Rurik/Noriben/blob/master/LICENSE)
Version: 1.8.7
Notes:
Website: https://ntcore.com
Description: PE Analysis tool suite
Author: Erik Pistelli
License:
Version: IV
Notes:
Website: https://github.com/hasherezade/pe-bear
Description: Portable Executable reversing tool with a GUI
Author: hasherezade
License: GNU General Public License v2 (https://github.com/hasherezade/pe-bear/blob/main/LICENSE)
Version: 0.6.1
Notes:
Website: https://github.com/wolfram77web/app-peid
Description: Portable Executable identifier
Author: snaker / Qwerton / Jibz
License: All Rights Reserved
Version: 0.95
Notes:
Website: https://github.com/hasherezade/pe-sieve
Description: Scans a process and dumps possible implants
Author: hasherezade
License: BSD 2-Clause Simplified License (https://github.com/hasherezade/pe-sieve/blob/master/LICENSE)
Version: 0.3.5
Notes:
Website: https://www.winitor.com
Description: PE Analysis Tool
Author: Marc Ochsenmeier
License: As-Is, without warranty (https://www.winitor.com/tools/pestudio/changes.log)
Version: 9.47
Notes:
Website: https://github.com/merces/pev
Description: PE Analysis toolkit
Author: Fernando Merces
License: GNU General Public License v2.0 (https://github.com/merces/pev/blob/master/LICENSE)
Version: 0.81
Notes:
Website: https://www.mzrst.com/
Description: Professional PE file Explorer
Author: Zaderostam
License:
Version: 1.12
Notes:
Website: https://www.procdot.com
Description: Visual analysis of Windows-based malware
Author: Christian Wojner
License: Internet Systems Consortium (ISC - https://www.procdot.com/faqs.htm, https://www.procdot.com/webhelp/index.html?license.htm)
Version: 1.22 (build 57)
Notes: Requires Windows Graphviz and Windump/TCPDump, but Windump/TCPDump are not supported on Win10+
Website: https://processhacker.sourceforge.io
Description: Process analysis and dumping tool
Author: Steven G (dmex) / Wen Jia Liu / WinSiderss
License: GNU General Public License v3 - https://processhacker.sourceforge.io/gpl.php
Version: 2.39.0.124
Notes:
Website: https://github.com/CyberCentreCanada/assemblyline-service-overpower
Description: PowerShell script to deobfuscate encoded PowerShell scripts
Author: R3MRUM / CyberCentreCanada
License:
Version: 5.0
Notes:
Website: http://www.angusj.com/resourcehacker
Description: Compiler and Decompiler for Windows applications
Author: Angus Johnson
License: Freeware (http://www.angusj.com/resourcehacker - License to Use)
Version: 5.1.7
Notes:
Website: http://sandsprite.com/blogs/index.php?uid=7&pid=152
Description: Shellcode analysis tool
Author: https://github.com/dzzie/VS_LIBEMU/blob/master/AUTHORS
License:
Version: 2022.11.1
Notes:
Website: https://github.com/ntquery/scylla
Description: Imports Reconstructor written in C/C++
Author: NtQuery
License: GNU General Public License v3 (https://github.com/NtQuery/Scylla/blob/master/LICENSE)
Version: 0.9.8
Notes: May not work well on later versions of Windows 10 and any version of Windows 11
Website: https://blog.didierstevens.com/2010/10/17/setdllcharacteristics/
Description: Manually edit the characteristics of DLLs
Author: Didier Stevens
License: Public Domain
Version: 0.0.0.1
Notes:
Website: https://github.com/upx/upx
Description: The Ultimate Packer for eXecutables
Author: Markus Oberhumer, Laszlo Molnar, John Reiser
License: Multiple Licenses (https://github.com/upx/upx/blob/devel/LICENSE)
Version: 4.0.1
Notes:
Website: https://www.vb-decompiler.org
Description: Visual Basic Decompiler
Author: DotFix Software
License: https://www.vb-decompiler.org/license.htm
Version: 12.0
Notes:
Website: https://www.microsoft.com
Description: Windows Debugger
Author: Microsoft
License:
Version: 1.2210.3001.0
Notes: Installed via winget
Website: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview
Description: Windows-based Sandbox Environment
Author: Microsoft
License:
Version: 10.0.19041.985
Notes:
Website: https://sourceforge.net/projects/x64dbg/
Description: Open Source x64/x32 debugger for Windows
Author: Duncan Ogilvie (mrexodia)
License: GNU General Public License v3 (https://github.com/x64dbg/x64dbg/blob/development/LICENSE)
Version: 2022-12-02_11-56
Notes: