Awesome Malware Analysis

       

A curated list of tools, resources, labs, and communities for analyzing, dissecting, and understanding malicious software.

Malware analysis helps cybersecurity professionals understand how malicious software operates, how it propagates, and how to defend against it. This list is for security analysts, malware researchers, digital forensics experts, and curious learners.

Contents

• Learning Resources
• Online Sandboxes
• Static Analysis Tools
• Dynamic Analysis Tools
• Disassemblers & Debuggers
• Memory Forensics
• Samples & Datasets
• Malware Repositories
• Communities & Blogs
• Related Awesome Lists

Learning Resources

• Practical Malware Analysis (book) – Comprehensive hands-on guide to malware reverse engineering.
• Malware Unicorn's Reverse Engineering 101 – Free workshop covering malware RE basics.
• Open Security Training – Deep technical training on assembly, reversing, and exploitation.
• Zero2Auto – Beginner’s guide to automated malware analysis.

Online Sandboxes

• Any.run – Interactive sandbox with real-time analysis.
• Joe Sandbox – Advanced malware analysis environment.
• Hybrid Analysis – Public sandbox powered by Falcon Sandbox.
• Intezer Analyze – Genetic malware analysis platform.
• Cuckoo Sandbox – Open-source automated malware analysis system.

Static Analysis Tools

• PEStudio – Static analysis tool for Windows executables.
• Detect It Easy (DIE) – PE file analyzer with signature matching.
• Binwalk – Firmware analysis tool for binary inspection.
• Flare VM – Malware analysis and reverse engineering virtual machine.

Dynamic Analysis Tools

• Procmon – Monitors real-time file system, registry, and process activity.
• Process Explorer – Detailed process inspection and hierarchy.
• Regshot – Registry snapshot comparison tool.
• ApateDNS – DNS spoofing for malware analysis.
• Wireshark – Network protocol analyzer.

Disassemblers & Debuggers

• Ghidra – Open-source software reverse engineering suite from NSA.
• IDA Free – Free version of the IDA Pro disassembler.
• x64dbg – Open-source Windows debugger.
• Radare2 – Framework for reverse engineering and binary analysis.
• OllyDbg – 32-bit assembler-level debugger for Windows.

Memory Forensics

• Volatility – Advanced memory forensics framework.
• Rekall – Memory analysis tool focused on speed and scalability.
• LiME – Linux Memory Extractor for volatile memory acquisition.
• DumpIt – Memory dump utility for Windows.

Samples & Datasets

• VirusShare – Large collection of malware samples.
• MalwareBazaar – Community-driven malware database.
• VX Underground – Largest collection of malware source code and samples.
• Zoo – Repository of live malware samples for research.

Malware Repositories

• MalShare – Free malware repository.
• Contagio Malware Dump – Malware samples, documents, and exploits.
• Das Malwerk – German malware collection for research and education.

Communities & Blogs

• Malware Traffic Analysis – PCAPs and walkthroughs of infection traffic.
• VX-Underground Twitter – Active community around malware artifacts and threats.
• Hexacorn Blog – Reverse engineering blog focused on Windows internals.
• Reverse Engineering StackExchange – Q&A for reverse engineering topics.

Related Awesome Lists

• Awesome Cybersecurity – General cybersecurity tools and resources.
• Awesome Threat Intelligence – Resources for gathering and analyzing cyber threats.
• Awesome OSINT – Tools and techniques for open-source intelligence.

Contribute

Contributions are welcome!

License