Free Toolkits for Automating Malware Analysis

Automating some aspects of malware analysis is critical for organizations that process large numbers of malicious programs. Such automation allows analysts to focus on the tasks that require human insights. There are several free toolkits you can use as the starting point for building your own automated malware analysis lab. The focus of this post is on the tools you can install locally; I wrote about free web-based behavioral analysis services earlier.

Two feature-rich and highly customizable options are outlined below:

There are several other toolkits you may find useful for automating aspects of behavioral malware analysis:

  • Cuckoo by Claudio Guarnieri is an open-source toolkit you can install locally for analyzing malicious files.
  • Zero Wine by Joxean Koret is a full-featured tool for dynamically analyzing the behavior of Windows malware by running it within the WINE emulator on Linux.
  • Buster Sandbox Analyzer by Buster is a wrapper around the Sandboxie tool for Windows, which helps you examine the key actions of applications executed by Sandboxie in your lab.
  • Malheur by Konrad Rieck is a very promising tool for analyzing the volumes of data collected by behavioral sandboxes.
  • REMnux by yours truly is a lightweight Linux distribution for assisting malware analysts in reverse-engineering malicious software.

If you’re interested in building your own malware analysis toolkit manual behavioral review, take a look at the article I wrote earlier. You may also be interested in reading about the limitations of automated malware analysis.

Updated

About the Author

Lenny Zeltser is a seasoned business and technology leader with extensive information security experience. He builds innovative endpoint defense solutions as VP of Products at Minerva Labs. He also trains incident response and digital forensics professionals at SANS Institute. Lenny frequently speaks at industry events, writes articles and has co-authored books. He has earned the prestigious GIAC Security Expert designation, has an MBA from MIT Sloan and a Computer Science degree from the University of Pennsylvania.

Learn more