For350‐TestPrep - ConnorEast/Tech-Journal GitHub Wiki

There is no final


  • Check for packing and for LOLBins (living-off-the-land binaries) referenced in the file. Check the section table, including each section's Read/Write/Execute permissions, and treat a binary with more than 7 or fewer than 5 sections as unusual. Check the compiler, and check the first few bytes (the magic bytes / MIME type) against the file extension. Check the strings for DLL imports and for embedded content.
  • Use YARA to search for odd strings and URIs and count how many there are per scheme (http, https, ftp, scp, etc.).
  • Check the hash of the file.
  • Check the certificates (the code-signing certificate chain up to the root: expiration dates, signing party) with certutil or sigcheck.
  • pestudio or PE-bear for static analysis (Ghidra for reverse engineering).
  • strings
  • ltrace for ELF files (Linux). Note that ltrace traces library calls, so the binary actually runs; treat it as dynamic analysis and use it only in a sandbox.
  • file (check file types)
  • If you cat a binary and the terminal gets garbled, type "reset".
  • Dynamic analysis: use FakeNet-NG to fake the network services the sample expects, or route its traffic through Tor. Sysinternals tools (procexp) can be used to watch process activity.
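The static checklist above, worked as an added example that is not part of the original wiki page: a stdlib-only Python script that parses the PE section table, applies the 5-to-7-section heuristic, flags RWX and packer-named sections, compares the magic bytes with the file extension, looks for loader API names in the strings, counts URLs by scheme, and hashes the file. It goes slightly beyond the list by also flagging sections that are empty on disk but large in memory, a classic unpacking layout. The PE image it analyses is constructed in memory (a UPX-style layout with a URL-bearing payload) and is not a real malware sample; the magic-to-extension table, packer name list, and loader API list are the example's own assumptions.

```python
"""Static triage of a PE file following the checklist above (added example, stdlib only)."""
import hashlib
import os
import re
import struct
from collections import Counter

# IMAGE_SCN_MEM_* section characteristics bits from the PE/COFF spec
SCN_EXECUTE, SCN_READ, SCN_WRITE = 0x20000000, 0x40000000, 0x80000000
# File signatures and the extensions that legitimately carry them (assumed table)
MAGIC = {b"MZ": {".exe", ".dll", ".sys", ".scr"}, b"\x7fELF": {"", ".so"},
         b"%PDF": {".pdf"}, b"PK\x03\x04": {".zip", ".docx", ".xlsx", ".jar"}}
# Section names left behind by common packers (assumed, non-exhaustive)
PACKER_PREFIXES = (b"UPX", b".aspack", b".petite", b"MPRESS", b".vmp", b".themida")
# APIs a packer stub or loader resolves at runtime instead of importing normally (assumed list)
LOADER_APIS = (b"LoadLibraryA", b"GetProcAddress", b"VirtualAlloc", b"VirtualProtect")
URL_RE = re.compile(rb"(?:https?|ftp|scp)://[\x21-\x7e]+")


def parse_pe(data):
    """Parse the DOS header, PE signature, COFF header and section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    table = e_lfanew + 4 + 20 + opt_size          # section table follows the optional header
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsz, rawptr, *_, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + 40 * i)
        perms = "".join(c if chars & bit else "-"
                        for c, bit in (("R", SCN_READ), ("W", SCN_WRITE), ("X", SCN_EXECUTE)))
        sections.append({"name": name.rstrip(b"\0"), "vsize": vsize, "va": va,
                         "rawsz": rawsz, "rawptr": rawptr, "perms": perms})
    return {"machine": machine, "sections": sections}


def triage(data, filename):
    """Run the checklist and return observations plus a list of findings."""
    findings = []
    ext = os.path.splitext(filename)[1].lower()
    for magic, exts in MAGIC.items():           # magic bytes vs. extension
        if data.startswith(magic) and ext not in exts:
            findings.append(f"magic {magic!r} does not match extension {ext!r}")
    pe = parse_pe(data)
    n = len(pe["sections"])
    if not 5 <= n <= 7:                         # checklist heuristic: 5-7 sections is normal
        findings.append(f"unusual section count: {n}")
    for s in pe["sections"]:
        if s["perms"] == "RWX":
            findings.append(f"section {s['name']!r} is RWX (self-modifying or unpacking stub?)")
        if s["name"].startswith(PACKER_PREFIXES):
            findings.append(f"packer section name {s['name']!r}")
        if s["rawsz"] == 0 and s["vsize"] > 0:
            findings.append(f"section {s['name']!r} is empty on disk but {s['vsize']:#x} bytes "
                            "in memory (unpacks at runtime?)")
    apis = [a for a in LOADER_APIS if a in data]   # strings check: imports / API names
    if apis:
        findings.append("runtime API resolution strings: " + ", ".join(a.decode() for a in apis))
    url_counts = Counter(u.split(b"://")[0].decode() for u in URL_RE.findall(data))
    return {"sha256": hashlib.sha256(data).hexdigest(), "section_count": n,
            "sections": pe["sections"], "url_counts": dict(url_counts), "findings": findings}


def build_sample_pe(section_specs, payload=b""):
    """Construct a minimal PE image in memory (constructed test input, not a real binary)."""
    e_lfanew, opt_size = 0x40, 0xE0
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)     # PE32 magic, rest zeroed
    headers_end = e_lfanew + 4 + 20 + opt_size + 40 * len(section_specs)
    raw_ptr = (headers_end + 0x1FF) & ~0x1FF                     # 512-byte file alignment
    table = b""
    for name, vsize, rawsz, chars in section_specs:
        table += struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000, rawsz,
                             raw_ptr if rawsz else 0, 0, 0, 0, 0, chars)
    image = dos + b"PE\0\0" + coff + opt + table
    return image + b"\0" * (raw_ptr - len(image)) + payload


# Constructed sample: UPX-style layout, loader API names and two URLs in the strings
SAMPLE_PAYLOAD = (b"KERNEL32.dll\0LoadLibraryA\0GetProcAddress\0"
                  b"http://example.com/stage2.bin\0https://example.com/c2\0")
SAMPLE = build_sample_pe([
    (b"UPX0", 0x8000, 0, SCN_READ | SCN_WRITE | SCN_EXECUTE),  # unpacked into at runtime
    (b"UPX1", 0x1000, len(SAMPLE_PAYLOAD), SCN_READ | SCN_WRITE | SCN_EXECUTE),
    (b".rsrc", 0x200, 0x200, SCN_READ),
], SAMPLE_PAYLOAD)

if __name__ == "__main__":
    report = triage(SAMPLE, "invoice.pdf")      # the extension lies about the file type
    print("sha256:", report["sha256"])
    for s in report["sections"]:
        print(f"  {s['name'].decode():8} {s['perms']} vsize={s['vsize']:#x} raw={s['rawsz']:#x}")
    print("url scheme counts:", report["url_counts"])
    for f in report["findings"]:
        print(" !", f)
```

On a real file, read it with `open(path, "rb").read()` and pass the bytes plus the on-disk name to `triage`; the section-count threshold is the checklist's rule of thumb, so treat it as a prompt to look closer rather than a verdict.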


    • FlareVM
    • FakeNet-NG
    • ELF files (normal vs. abnormal)
    • Noriben (Python program for dynamic malware analysis)
    • PDF analysis
    • Browmal (upload a Word document) or use olevba
    • Office macros (VBA &)