Resources
This is a list of commonly used tools and resources for helping a website owner or malware analyst get more information about a given file or sample of code.
My Resources
- My ClamAV Signatures - repo
- My Decoders - repo
- Beautify Tools - website
  - Formatting tools to make code easier to read, character converters (hex to ASCII, etc.), decoders, etc.
- CyberChef - website
  - Multi-purpose, multi-format decoder, encoder, etc.
- MobileFish - website
  - Base64 decoders, gzinflate/base64 decoders, JavaScript execution, character encoding, etc.
- CodeBeautify - website
  - Multiple different beautifiers and decoders
Decoders
Character Conversion
Code reformatting for readability
Public Scanners
These are publicly accessible virus scanners that accept a file, URL, or hash (MD5 or SHA checksum) and return analysis results for it. Results will vary and may need additional interpretation before you can reach a definitive conclusion.
- ClamAV - website
  - “Virus” scanner. Highly configurable to search for expressions / hashes
- Paiza.io - website
  - Lets you enter code, modify it, and run it to see what it does.
- Google (or Bing or your favorite search engine)
  - Paste in part of the code as a search string and see what comes up. Don’t be discouraged if your first search doesn’t turn up anything.
- W3Schools - website
  - Great resource for programming languages of all types. Includes the ability to ‘try it out’ for functions.
- PHP.net - website
  - THE resource for understanding how PHP functions are used. If you can’t find a function name here, it’s probably a custom function.
- Microsoft’s VBA reference - website
  - THE resource for understanding Visual Basic and VBScript
- SANS Institute - website
  - A good collection of Internet and security information and resources.