This appendix lists all the tools discussed throughout the book.
Free online antivirus scanners
Trend Micro’s HouseCall http://housecall.trendmicro.com/
F-Secure Online Scanner http://www.f-secure.com/en/web/home_global/online-scanner
Free malware removal tools
Microsoft Security Essentials http://windows.microsoft.com/en-us/windows/security-essentials-download
Comodo Cleaning Essentials http://www.comodo.com/business-security/network-protection/cleaning_essentials.php
Kaspersky Security Scan http://www.kaspersky.com/free-virus-scan
Rootkit detectors
Rootkit Revealer by Microsoft http://download.cnet.com/RootkitRevealer/3000-2248_4-10543918.html
TDSSKiller by Kaspersky https://support.kaspersky.com/us/viruses/utility#TDSSKiller
Startup examination tools
Autoruns by Microsoft http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
Autorun Analyzer by Comodo http://www.comodo.com/business-security/network-protection/cleaning_essentials.php
Boot analyzer tools
Gmer’s MBR.EXE http://www.gmer.net
MbrScan http://eric71.geekstogo.com/tools/MbrScan.exe
MBR Backup http://www.trojanhunter.com/products/mbr-backup/
Boot Sector Explorer http://www.pendriveapps.com/boot-sector-explorer-backup-and-restore-mbr/
Nate’s MBR and Boot Sector Analyzer http://www.aqfire.com/boot/
WinHex, MBR/boot sector editor http://www.winhex.com/disk-editor.html
Process Explorer by Microsoft http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
KillSwitch by Comodo http://www.comodo.com/business-security/network-protection/cleaning_essentials.php
Honeypots
Dionaea http://dionaea.carnivore.it
Windows 7 USB/DVD Download Tool http://images2.store.microsoft.com/prod/clustera/framework/w7udt/1.0/en-us/Windows7-USB-DVD-tool.exe
Secunia Online Software Inspector http://secunia.com/vulnerability_scanning/online/
Firefox add-ons and plug-ins
NoScript
Better Privacy
RequestPolicy
Web of Trust (WOT)
Adblock Plus
Proxy servers
Hide My Ass! http://hidemyass.com/proxy/
Proxy 4 Free http://www.proxy4free.com
Samair.RU http://www.samair.ru/proxy/
Public proxy servers http://www.publicproxyservers.com/proxy/list1.html
Virtual private network services
Private Tunnel https://www.privatetunnel.com
VPNBook http://www.vpnbook.com
JustFreeVPN http://www.justfreevpn.com
VPNAccount http://www.vpnaccount.org
L2TP VPN Service http://www.freel2tpvpn.com
OkayFreedom VPN https://www.okayfreedom.com
VPNAccess http://freevpnaccess.com
Hotspot Shield Ad Supported http://www.hotspotshield.com
CyberGhost http://cyberghostvpn.com
Free UK & US VPN http://www.ukusvpn.com
Free VPN for UK http://www.vpnforuk.com
Premium VPN with Public IP http://www.truvpn.com
Free ProXPN http://proxpn.com
Online anonymizers
Anonymouse http://anonymouse.org/anonwww.html
Free Web Proxy http://www.vpnbook.com/webproxy
Online Anonymizer http://online-anonymizer.com
Hide My Ass! Web Proxy http://hidemyass.com/proxy/
KProxy https://www.kproxy.com
Megaproxy http://www.megaproxy.com/freesurf/
Tor, the onion router https://www.torproject.org/docs/documentation.html.en
VMware Player http://www.vmware.com/go/downloadplayer
VirtualBox https://www.virtualbox.org/wiki/Downloads
Clonezilla http://clonezilla.org/downloads.php
Virtualization software
VMware Player http://www.vmware.com/go/downloadplayer
VirtualBox https://www.virtualbox.org/wiki/Downloads
VirtualPC http://www.microsoft.com/en-US/download/details.aspx?id=3702
Trusted Adobe download sites
Adobe Reader http://get.adobe.com/reader
Adobe Flash Player http://get.adobe.com/flashplayer
Deep Freeze Standard by Faronics http://www.faronics.com/products/deep-freeze/standard/
Clonezilla http://clonezilla.org/download.php
Tuxboot http://sourceforge.net/projects/tuxboot/files/
Dependency Walker http://www.dependencywalker.com
pefile https://code.google.com/p/pefile/
pedump https://github.com/zed-0xff/pedump
pedump online PE file submission http://pedump.me/
Compression tools
WinZip http://www.winzip.com
WinRAR http://www.rarlab.com
7zip http://www.7-zip.org
p7zip http://p7zip.sourceforge.net/
GnuPG http://www.gnupg.org
MD5SUM http://www.etree.org/md5com.html
Microsoft File Checksum Integrity Verifier http://www.microsoft.com/en-us/download/details.aspx?id=11533
PEiD http://woodmann.com/BobSoft/Pages/Programs/PEiD
ClamAV http://www.clamav.net
Sample submission online services
F-Secure Sample Analysis http://www.f-secure.com/en/web/labs_global/submit-samples/sas
Sophos https://secure2.sophos.com/en-us/support/contact-support/sample-submission.aspx
Malware scanning services
VirusTotal by Google https://www.virustotal.com
VirSCAN http://www.virscan.org
Metascan by OPSWAT https://www.metascan-online.com
Jotti http://virusscan.jotti.org
Dr. Web http://www.drweb-online.com/en/online_check.asp
Fortiguard Online Virus Scanner http://www.fortiguard.com/antivirus/virus_scanner.html
Packers
Armadillo http://www.siliconrealms.com/armadillo.php
ASPack http://www.aspack.com/aspack.html
ASProtect32 http://www.aspack.com/asprotect32.html
ASProtect64 http://www.aspack.com/asprotect64.html
PECompact http://bitsum.com/pecompact/
UPX http://upx.sourceforge.net/
PE Explorer http://www.heaventools.com/overview.htm
Packers and unpackers http://www.woodmann.com/crackz/Packers.htm
Sysinternals Strings.EXE http://technet.microsoft.com/en-us/sysinternals/bb897439
Sysinternals Suite https://technet.microsoft.com/en-us/sysinternals/bb842062.aspx
System monitoring tools
InstallRite http://www.softpedia.com/get/System/System-Info/InstallRite.shtml
Uninstall Tool http://www.crystalidea.com/uninstall-tool
Memory analysis tools
Process Explorer https://technet.microsoft.com/en-us/sysinternals/bb896653
Autoruns https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
Network analysis tools
TCPView https://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
Wireshark https://www.wireshark.org/
Yara https://github.com/plusvic/yara
Cygwin https://www.cygwin.com
Debuggers
OllyDbg http://www.ollydbg.de/
Immunity Debugger http://debugger.immunityinc.com/
WinDbg https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx
KD and NTKD https://msdn.microsoft.com/en-us/library/windows/hardware/hh406279%28v=vs.85%29.aspx
Disassembler
IDA https://www.hex-rays.com/products/ida/support/download.shtml
Memory dumpers
LordPE by y0da http://www.woodmann.com/collaborative/tools/index.php/LordPE
Volatility Framework https://code.google.com/p/volatility/wiki/VolatilityIntroduction
PE viewers
Hiew http://www.hiew.ru/
Heaventools PE Explorer http://www.heaventools.com/overview.htm
PEview http://wjradburn.com/software/
Dependency Walker http://www.dependencywalker.com/
Resource Hacker http://www.angusj.com/resourcehacker/
PE reconstructors
ImpREC by MackT http://www.woodmann.com/collaborative/tools/index.php/ImpREC
Malcode Analyst Pack http://www.woodmann.com/collaborative/tools/index.php/Malcode_Analysis_Pack
Rootkit tools
Rootkit Unhooker http://www.antirootkit.com/software/RootKitUnhooker.htm
Rootkit Revealer http://download.cnet.com/RootkitRevealer/3000-2248_4-10543918.html
Network capturing tools
Wireshark https://www.wireshark.org/
TCPDump http://www.tcpdump.org/
TCPView https://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
OSR driver loader http://www.osronline.com/article.cfm?article=157
Automated sandboxes
Cuckoo http://www.cuckoosandbox.org/
Free online automated sandbox services
Anubis http://anubis.iseclab.org/
Comodo Instant Malware Analysis http://camas.comodo.com/
Comodo Valkyrie http://valkyrie.comodo.com/
EUREKA Malware Analysis Internet Service http://eureka.cyber-ta.org/
Malwr https://malwr.com/submission/
MalwareViz https://www.malwareviz.com/
Payload Security https://www.hybrid-analysis.com/
ThreatExpert http://www.threatexpert.com/submit.aspx
ThreatTrack Public Malware Sandbox http://www.threattracksecurity.com/resources/sandbox-malware-analysis.aspx
VICheck https://www.vicheck.ca/