Malware Research, Collection, and Analysis
All of this information was collected by doing Google searches or from the URLs mentioned in the References section. I collected them here because I wanted a single list that I could update, refer to, and share with others. Simply having a link listed here is not necessarily an endorsement. I only have personal experience with a small number of the resources listed here. I did, however, make an initial attempt to remove dead links from the reference links. Some good starting points are Lenny Zeltser's Reverse-Engineering Malware Cheat Sheet and Analyzing Malicious Documents Cheat Sheet. In fact, as you'll notice in the reference section, Lenny's site is included multiple times. He has some really awesome information.
Mailing Lists and Discussion Forums
- http://www.securityfocus.com/archive/138/description
- http://reddit.com/r/ReverseEngineering
- http://lists.clean-mx.com/cgi-bin/mailman/listinfo/viruswatch
- https://groups.google.com/forum/#!forum/malware-removal
- https://groups.google.com/forum/#!forum/virustotal
- https://groups.google.com/forum/#!forum/mobilemalware
- https://groups.google.com/forum/#!forum/hk-malware-analysis
- http://www.kernelmode.info/forum/viewforum.php?f=16
Acquiring Samples
- http://virusshare.com/
- http://www.malware-traffic-analysis.net/index.html
- https://github.com/ytisf/theZoo
- http://www.malwaredomainlist.com/mdl.php
- http://www.malwareblacklist.com/showMDL.php
- http://support.clean-mx.de/clean-mx/viruses.php
- http://malc0de.com/database/
- https://palevotracker.abuse.ch/
- http://malwaredb.malekal.com/
- http://blog.urlvoid.com/247/new-list-of-dangerous-websites-to-avoid/
- http://www.scumware.org/
- http://www.threatlog.com/
- http://jsunpack.jeek.org/?list=1
- http://www.malwareurl.com/
- http://www.offensivecomputing.net/?q=taxonomy/term/1
- http://vxvault.siri-urz.net/ViriList.php
- http://vxvault.siri-urz.net/URL_List.php
- http://contagiodump.blogspot.com/2011/03/take-sample-leave-sample-mobile-malware.html
- http://virussign.com/downloads.html
- http://www.fakeavs.com/
- http://www.malware.lu/
- http://www.nictasoft.com/ace/malware-urls/
- http://labs.sucuri.net/
- http://freelist.virussign.com/freelist/
- http://malwareurls.joxeankoret.com/normal.txt
- http://malwared.malwaremustdie.org/db/fulllist.php
- http://androidsandbox.net/samples/
- http://malshare.com/
- https://avcaesar.malware.lu/
- https://twitter.com/MalwareChannel
- http://www.nothink.org/honeypots/malware-archives/
Tools
Static Analysis
- HashCalc
- TrID-File Identifier
- PEview
- PEiD
- BinText
- Dependency Walker
- Heap Inspector
- Unix Strings
- IDA
- OllyDbg
Dynamic Analysis
- RegShot
- InCtrl5
- RegMon
- ProcMon
- FileMon
- NetCat
- BinText
- LordPE
- Wireshark
- FakeDNS
- FakeNet
- Multipot
- APIMonitor
- SysAnalyzer
- MCaptureBAT
- Memoryze
- HBGary Fast Dump
- Volatility
- DRAKVUF
Automated Analysis
Free Automated Online Analysis
- http://anubis.iseclab.org/
- http://camas.comodo.com/
- http://valkyrie.comodo.com/
- http://eureka.cyber-ta.org/
- http://www.document-analyzer.net/
- https://malwr.com/submission/
- https://www.hybrid-analysis.com/
- http://www.threatexpert.com/submit.aspx
- http://www.threattracksecurity.com/resources/sandbox-malware-analysis.aspx
- https://www.vicheck.ca/
- https://www.virustotal.com/
Free Online Link Checkers
- http://www.avgthreatlabs.com/website-safety-reports/
- http://www.brightcloud.com/tools/url-ip-lookup.php
- http://app.webinspector.com/
- http://www.senderbase.org/
- http://www.isithacked.com/
- http://safeweb.norton.com/
- http://www.phishtank.com/
- http://www.malwaredomainlist.com/mdl.php
- http://www.malwareurl.com/listing-urls.php
- http://mxtoolbox.com/blacklists.aspx
- http://quttera.com/
- http://www.reputationauthority.org/
- http://global.sitesafety.trendmicro.com/
- http://urlblacklist.com/?sec=search
- http://urlquery.net/
- http://urlvoid.com/
- https://www.virustotal.com/
- http://vurl.mysteryfcm.co.uk/
- http://wepawet.iseclab.org/
- http://zulu.zscaler.com/