This note was published in April 2013. A newer revision of the REMnux distro has been released since then.
I’m pleased to announce the release of version 4 of the REMnux Linux distribution for reverse-engineering malicious software. The new version includes a variety of new malware analysis tools and updates the utilities that have already been present on the distro.
What’s new in REMnux v4? See the details below and watch the recorded webcast where I showcase some of the key additions. You can download the latest release at REMnux.org.
What’s New in REMnux v4
REMnux is now available as a Open Virtualization Format (OVF/OVA) file for improved compatibility with virtualization software, including VMware and VirtualBox. (Here’s how to easily install the REMnux virtual appliance.)
Key updates to existing tools and components:
- Core system: Upgraded the underlying Ubuntu OS components and packages; increased default RAM of the virtual appliance to 512MB; replaced OpenJDK with Oracle Java 7 runtime.
- Memory analysis: Updated Volatility to version 2.2.
- PDF analysis: Updated pdfid and pdf-parser, Origami, peepdf
- Web analysis: Updated SWFTools, V8, libemu, NetworkMiner, Burp Proxy, Wireshark, Firefox and its add-ons.
- Other changes: Updated xorsearch, DensityScout, Pyew, passive-dns, ClamAV, capabilities.yara; replaced FreeMind with XMind
New tools added to REMnux:
- Windows tools: Installed Wine; added OfficeMalScanner, Malzilla
- XOR analysis: Added NoMoreXOR, brutexor, XORBruteForcer
- PE file analysis: Added pev, dism-this, ExeScan, udis86 (udcli), autorule (/usr/local/autorule), disitool
- Other file analysis: Added extract_swf.py, ExifTool, MASTIFF
- Other additions: Added hack-functions (/usr/local/hack-functions), bulk_extractor, ProcDot
Getting Started With REMnux
The one-page REMnux Usage Tips cheat sheet outlines some of the more popular tools installed on REMnux. Feel free to customize it to incorporate your own tips and tricks.
The recorded Malware Analysis Essentials Using REMnux webcast provides a good overview and examples of some of the tools for performing static malware analysis. I also recorded a webcast to discuss What’s New in REMnux v4 for Malware Analysis and to demonstrate the new tools.
If you find REMnux useful, take a look at the reverse-engineering malware course that my colleagues and I teach at SANS. It makes use of REMnux and various other tools.
If you haven’t already, download the REMnux distro at REMnux.org.