From a19093ca3e4c9ac714c62046d502ed8e6988d7e4 Mon Sep 17 00:00:00 2001 From: Andrea De Pasquale Date: Sat, 9 Jun 2018 19:51:10 +0200 Subject: [PATCH 1/4] Add Exeinfo PE --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 82da7d9..c7fbccb 100644 --- a/README.md +++ b/README.md @@ -212,6 +212,8 @@ A curated list of awesome malware analysis tools and resources. Inspired by * [ClamAV](http://www.clamav.net/) - Open source antivirus engine. * [Detect-It-Easy](https://github.com/horsicq/Detect-It-Easy) - A program for determining types of files. +* [Exeinfo PE](http://exeinfo.pe.hu/) - Packer, compressor detector, unpack + info, internal exe tools. * [ExifTool](https://sno.phy.queensu.ca/~phil/exiftool/) - Read, write and edit file metadata. * [File Scanning Framework](https://github.com/EmersonElectricCo/fsf) - From 293fbd5c24812c5b58ee9dd3d64b60099853b7a4 Mon Sep 17 00:00:00 2001 From: Andrea De Pasquale Date: Sat, 9 Jun 2018 19:51:22 +0200 Subject: [PATCH 2/4] Add PE-bear --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index c7fbccb..0755e61 100644 --- a/README.md +++ b/README.md @@ -235,6 +235,8 @@ executables. up hashes in NIST's National Software Reference Library database. * [packerid](http://handlers.sans.org/jclausing/packerid.py) - A cross-platform Python alternative to PEiD. +* [PE-bear](https://hshrzd.wordpress.com/pe-bear/) - Reversing tool for PE + files. * [PEV](http://pev.sourceforge.net/) - A multiplatform toolkit to work with PE files, providing feature-rich tools for proper analysis of suspicious binaries. * [Rootkit Hunter](http://rkhunter.sourceforge.net/) - Detect Linux rootkits. From 43af86d04f82b5f2be4ee247b2bd8a4526634662 Mon Sep 17 00:00:00 2001 From: Andrea De Pasquale Date: Sat, 9 Jun 2018 19:51:31 +0200 Subject: [PATCH 3/4] Add SWF Investigator --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 0755e61..f9d5f72 100644 
--- a/README.md +++ b/README.md @@ -386,6 +386,8 @@ executables. * [Malzilla](http://malzilla.sourceforge.net/) - Analyze malicious web pages. * [RABCDAsm](https://github.com/CyberShadow/RABCDAsm) - A "Robust ActionScript Bytecode Disassembler." +* [SWF Investigator](https://labs.adobe.com/technologies/swfinvestigator/) - + Static and dynamic analysis of SWF applications. * [swftools](http://www.swftools.org/) - Tools for working with Adobe Flash files. * [xxxswf](http://hooked-on-mnemonics.blogspot.com/2011/12/xxxswfpy.html) - A From bf8ffa2ada0fb0a51002e197158932d0836f9ff3 Mon Sep 17 00:00:00 2001 From: Andrea De Pasquale Date: Sat, 9 Jun 2018 19:51:42 +0200 Subject: [PATCH 4/4] Add dotPeek --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index f9d5f72..ecd1f80 100644 --- a/README.md +++ b/README.md @@ -507,6 +507,8 @@ the [browser malware](#browser-malware) section.* - A binary analysis platform based   on QEMU. DroidScope is now an extension to DECAF. * [dnSpy](https://github.com/0xd4d/dnSpy) - .NET assembly editor, decompiler and debugger. +* [dotPeek](https://www.jetbrains.com/decompiler/) - Free .NET Decompiler and + Assembly Browser. * [Evan's Debugger (EDB)](http://codef00.com/projects#debugger) - A modular debugger with a Qt GUI. * [Fibratus](https://github.com/rabbitstack/fibratus) - Tool for exploration
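Review bot: the Exeinfo PE link added in [PATCH 1/4] (hunk at README.md line 212) is plain HTTP, `http://exeinfo.pe.hu/`, and it is the page readers will fetch the tool from. If the host serves HTTPS, link to that instead, so the download is not exposed to modification in transit. The description "Packer, compressor detector, unpack info, internal exe tools." is also a comma-separated fragment; rewriting it as one short phrase would match the neighbouring entries such as "Open source antivirus engine."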
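Review bot: the PE-bear description in [PATCH 2/4] (hunk at README.md line 235), "Reversing tool for PE files.", does not tell a reader how the tool differs from the PEV entry on the very next line, which is also described as a toolkit for working with PE files. Say what PE-bear itself offers (for example, whether it is a graphical viewer or an editor) so the two entries can be told apart.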
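Review bot: the dotPeek description in [PATCH 4/4] (hunk at README.md line 507) is in title case, "Free .NET Decompiler and Assembly Browser.", while the dnSpy entry directly above it is in sentence case, ".NET assembly editor, decompiler and debugger." Lower-case "decompiler" and "assembly browser" to match. "Free" could be dropped as well, since none of the surrounding entries in the hunk state price or licensing.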