Tuesday, February 15, 2011

Tools for file research

So you have gotten a malware file and you want to know what it does. Or you hunt down a possibly malicious website and want to see what's at the other end without putting your PC at risk. Thanks to all the wonderful online malware research tools, you can do basic file analysis without having to risk your machine. So here are some sites and tools I recommend for file research. If you have any suggestions for items to add to the list, post them in the comment section, as I will be updating the post.

Online Sandboxes

1. Comodo Instant Malware Analysis is a great online sandbox to see what actions an executable performs. It also shows what domains a file connects to and shows if a file is suspicious. If enough behavior is performed, it will also attempt to tell you what kind of malware the file is.

2. ThreatExpert from PC Tools is another great online sandbox. ThreatExpert will also email you the results of each file. If you sign up for the site it will also give you a list of all the files you submitted.

3. Norman Sandbox is another great online sandbox.

Online File Scanners

1. VirusTotal (http://www.virustotal.com/) is a personal favorite of mine for online scanners. It reports back the detection result for more than 42 different antivirus engines. It also allows you to rate files as clean or malware and get to know many people in the anti-malware community.

2. Jotti: if VirusTotal is not your favorite, then Jotti may be your favorite online scanner. It's a great online scanner and I switch between it and VT.

Single File Single Engine Scanners

1. KAV Scanner (http://www.kaspersky.com/scanforvirus) allows you to upload a file and have it scanned using the Kaspersky Engine.

