Executables
Reverse engineering, static, and dynamic analysis of executables
API Monitor v2 Alpha
  Website: http://www.rohitab.com/apimonitor
  Description: Tool to monitor API calls by applications
  Author: Rohitab Batra
  License:
  Version: v2r13
  Notes:
Bintext
  Website: https://mcafee.com
  Description: Finds ASCII, Unicode, and Resource strings in a file
  Author: McAfee
  License: Free
  Version: 3.03
  Notes:
capa
  Website: https://github.com/mandiant/capa
  Description: FLARE tool to identify capabilities in executables
  Author: Mandiant
  License: Apache License 2.0 (https://github.com/mandiant/capa/blob/master/LICENSE.txt)
  Version: 6.1.0
  Notes:
Codetrack
  Website: https://www.getcodetrack.com
  Description: .NET Performance Profiler
  Author: Nico Van Goethem
  License: Freeware (see the About section in the application)
  Version: 1.0.3.3
  Notes: No longer maintained
Cutter
  Website: https://github.com/rizinorg/cutter
  Description: Reverse Engineering Platform powered by rizin
  Author: Rizin Organization
  License: GNU General Public License v3 (https://github.com/rizinorg/cutter/blob/dev/COPYING)
  Version: 2.3.2
  Notes:
Decompyle3
  Website: https://github.com/rocky/python-decompile3/
  Description: Python3 bytecode decompiler
  Author: Rocky R. Bernstein
  License: GNU General Public License v3 (https://github.com/rocky/python-decompile3/blob/master/COPYING)
  Version: 3.9.0
  Notes:
densityscout
  Website: https://cert.at
  Description: Tool to identify entropy within files
  Author: Christian Wojner / CERT.at (https://cert.at/en/about-us/overview/)
  License: Internet Software Consortium License (ISCL - https://cert.at/en/downloads/software/software-densityscout)
  Version: Build 45
  Notes:
DIE (Detect It Easy)
  Website: https://github.com/horsicq/DIE-engine
  Description: Reverse Engineering Engine
  Author: Hors (horsicq)
  License: MIT License (https://github.com/horsicq/DIE-engine/blob/master/LICENSE)
  Version: 3.08
  Notes: Detect It Easy - DIE
dotPeek
  Website: https://www.jetbrains.com
  Description: .NET Decompiler and Assembly Browser
  Author: JetBrains
  License: EULA (https://www.jetbrains.com/legal/docs/toolbox/license_personal/)
  Version: 2023.2.2
  Notes:
exeinfope
  Website: https://github.com/ExeinfoASL/ASL
  Description: EXE, Packer, Compiler detection
  Author: ExeinfoASL
  License: None Listed
  Version: 0.0.8.1
  Notes:
File Insight
  Website: https://www.trellix.com
  Description: Static file analysis tool
  Author: McAfee / Trellix
  License: Software Royalty-Free License (https://www.trellix.com/en-us/downloads/free-tools/terms-of-use.html)
  Version: 3.0
  Notes:
FLOSS (FLARE Obfuscated String Solver)
  Website: https://github.com/mandiant/flare-floss
  Description: Extract obfuscated strings from malware
  Author: Mandiant
  License: Apache License v2.0 (https://github.com/mandiant/flare-floss/blob/master/LICENSE.txt)
  Version: 2.3.0
  Notes:
hollows_hunter
  Website: https://github.com/hasherezade/hollows_hunter
  Description: Scans running processes for implants and dumps them if found
  Author: hasherezade
  License: BSD 2-Clause Simplified License (https://github.com/hasherezade/hollows_hunter/blob/master/LICENSE)
  Version: 0.3.6
  Notes:
IDA Free
  Website: https://hex-rays.com/ida-free
  Description: Binary analysis tool for x86/x64 applications
  Author: hex-rays
  License: Free for Educational, Personal, and non-Commercial use
  Version: 8.3
  Notes:
ilspy
  Website: https://github.com/icsharpcode/ilspy
  Description: .NET Decompiler
  Author: ICSharpCode (https://github.com/orgs/icsharpcode/people)
  License: MIT License (https://github.com/icsharpcode/ILSpy/blob/master/doc/ILSpyAboutPage.txt)
  Version: 8.1.1.7464
  Notes:
KsDumper 11
  Website: https://github.com/mastercodeon314/KsDumper-11
  Description: Kernel Space Dumper utility
  Author: mastercodeon314
  License: None at this time
  Version: 1.0
  Notes:
MagnetProcessCapture
  Website: https://magnetforensics.com
  Description: Tool to dump a running process
  Author: Magnet Forensics
  License: EULA
  Version: v13
  Notes:
MalCat
  Website: https://malcat.fr
  Description: Malware Analysis Tool
  Author: Malcat EL
  License: https://malcat.fr/index.html#faq6
  Version: 0.9.3
  Notes:
mal_unpack
  Website: https://github.com/hasherezade/mal_unpack
  Description: Dynamic unpacker based on PE-sieve
  Author: hasherezade
  License: BSD 2-Clause Simplified License (https://github.com/hasherezade/mal_unpack/blob/master/LICENSE)
  Version: 0.9.7
  Notes:
Noriben
  Website: https://github.com/rurik/noriben
  Description: Malware Analysis Sandbox based on Python
  Author: Brian Baskin (Rurik)
  License: Apache License v2 (https://github.com/Rurik/Noriben/blob/master/LICENSE)
  Version: 1.8.7
  Notes:
NTCore Explorer Suite
  Website: https://ntcore.com
  Description: PE Analysis tool suite
  Author: Erik Pistelli
  License:
  Version: IV
  Notes:
PE-bear
  Website: https://github.com/hasherezade/pe-bear
  Description: Portable Executable reversing tool with a GUI
  Author: hasherezade
  License: GNU General Public License v2 (https://github.com/hasherezade/pe-bear/blob/main/LICENSE)
  Version: 0.6.5.2
  Notes:
PEiD
  Website: https://github.com/wolfram77web/app-peid
  Description: Portable Executable identifier
  Author: snaker / Qwerton / Jibz
  License: All Rights Reserved
  Version: 0.95
  Notes:
pe-sieve
  Website: https://github.com/hasherezade/pe-sieve
  Description: Scans a process and dumps possible implants
  Author: hasherezade
  License: BSD 2-Clause Simplified License (https://github.com/hasherezade/pe-sieve/blob/master/LICENSE)
  Version: 0.3.6
  Notes:
PEStudio
  Website: https://www.winitor.com
  Description: PE Analysis Tool
  Author: Marc Ochsenmeier
  License: As-Is, without warranty (https://www.winitor.com/tools/pestudio/changes.log)
  Version: 9.53
  Notes:
pev
  Website: https://github.com/mentebinaria/readpe
  Description: PE Analysis toolkit
  Author: Fernando Merces
  License: GNU General Public License v2.0 (https://github.com/mentebinaria/readpe/blob/master/LICENSE)
  Version: 0.82
  Notes:
PortexAnalyzer GUI
  Website: https://github.com/struppigel/PortexAnalyzerGUI
  Description: GUI for PortEx, a Portable Executable and Malware Analysis Library
  Author: Karsten Hahn
  License: Apache License 2.0 (https://github.com/struppigel/PortexAnalyzerGUI/blob/main/LICENSE)
  Version: 0.12.12
  Notes:
PPEE (puppy)
  Website: https://www.mzrst.com/
  Description: Professional PE file Explorer
  Author: Zaderostam
  License:
  Version: 1.12
  Notes:
ProcDOT
  Website: https://www.procdot.com
  Description: Visual analysis of Windows-based malware
  Author: Christian Wojner
  License: Internet Systems Consortium (ISC - https://www.procdot.com/faqs.htm, https://www.procdot.com/webhelp/index.html?license.htm)
  Version: 1.22 (build 57)
  Notes: Requires Windows Graphviz and Windump/TCPDump, but Windump/TCPDump are not supported on Win10+
Process Hacker
  Website: https://processhacker.sourceforge.io
  Description: Process analysis and dumping tool
  Author: Steven G (dmex) / Wen Jia Liu / WinSiderss
  License: GNU General Public License v3 - https://processhacker.sourceforge.io/gpl.php
  Version: 2.39.0.124
  Notes:
PSDecode
  Website: https://github.com/CyberCentreCanada/assemblyline-service-overpower
  Description: PowerShell script to deobfuscate encoded PowerShell scripts
  Author: R3MRUM / CyberCentreCanada
  License:
  Version: 5.0
  Notes:
Rehex (Reverse Engineers' Hex Editor)
  Website: https://github.com/solemnwarning/rehex
  Description: Hex Editor with useful tools for Reverse Engineering
  Author: Daniel Collins
  License: GNU General Public License v2 (https://github.com/solemnwarning/rehex/blob/master/LICENSE.txt)
  Version: 0.60.1
  Notes:
Resource Hacker
  Website: http://www.angusj.com/resourcehacker
  Description: Compiler and Decompiler for Windows applications
  Author: Angus Johnson
  License: Freeware (http://www.angusj.com/resourcehacker - License to Use)
  Version: 5.2.1
  Notes:
scdbg
  Website: http://sandsprite.com/blogs/index.php?uid=7&pid=152
  Description: Shellcode analysis tool
  Author: David Zimmer
  License:
  Version: Jul 10 2023 14:21:55
  Notes:
Scylla
  Website: https://github.com/ntquery/scylla
  Description: Imports Reconstructor written in C/C++
  Author: NtQuery
  License: GNU General Public License v3 (https://github.com/NtQuery/Scylla/blob/master/LICENSE)
  Version: 0.9.8
  Notes: May not work well on later versions of Windows 10 and any version of Windows 11
setdllcharacteristics
  Website: https://blog.didierstevens.com/2010/10/17/setdllcharacteristics/
  Description: Manually edit the characteristics of DLLs
  Author: Didier Stevens
  License: Public Domain
  Version: 0.0.0.1
  Notes:
Total PE 2
  Website: https://github.com/zodiacon/TotalPE2
  Description: PE Viewer
  Author: Pavel Yosifovich
  License: MIT License (https://github.com/zodiacon/TotalPE2/blob/master/LICENSE.txt)
  Version: 0.6.5.0
  Notes:
TrID
  Website: https://mark0.net/soft-trid-e.html
  Description: File identifier based on binary signatures
  Author: Marco Pontello
  License: Free for personal / non-commercial use
  Version: 2.2.4
  Notes:
UPX
  Website: https://github.com/upx/upx
  Description: The Ultimate Packer for eXecutables
  Author: Markus Oberhumer, Laszlo Molnar, John Reiser
  License: Multiple Licenses (https://github.com/upx/upx/blob/devel/LICENSE)
  Version: 4.1.0
  Notes:
VB-Decompiler
  Website: https://www.vb-decompiler.org
  Description: Visual Basic Decompiler
  Author: DotFix Software
  License: https://www.vb-decompiler.org/license.htm
  Version: 12.2
  Notes:
WinDbg
  Website: https://www.microsoft.com
  Description: Windows Debugger
  Author: Microsoft
  License: Third-party notices within app
  Version: 1.2308.2002.0
  Notes: Installed via winget
Windows Sandbox
  Website: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview
  Description: Windows-based Sandbox Environment
  Author: Microsoft
  License:
  Version: 10.0.19041.985
  Notes:
x64dbg
  Website: https://sourceforge.net/projects/x64dbg/
  Description: Open Source x64/x32 debugger for Windows
  Author: Duncan Ogilvie (mrexodia)
  License: GNU General Public License v3 (https://github.com/x64dbg/x64dbg/blob/development/LICENSE)
  Version: 2023-11-18_02-28
  Notes: