Windows Malware Analysis

VirusTotal Test

VirusTotal Search strings

Update Hash

$DIR   = "C:\Users\admin\Desktop\Samples\*.exe"
$count = 1
foreach ($file in Get-ChildItem $DIR) {
    # Append a single null byte so the file's hash no longer matches the original sample.
    # -NoNewline keeps Add-Content from also writing a line break.
    Add-Content -Path $file.FullName -Value "`0" -NoNewline
    # Rename to a sequential number (1.exe, 2.exe, ...)
    $name = [string]$count + ".exe"
    Rename-Item -Path $file.FullName -NewName $name
    $count = $count + 1
}

Verify the new hash (the file path comes before the algorithm name):

 certutil -hashfile <file> MD5
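The loop above throws away the mapping from 1.exe back to the original file, and it never checks that the hash actually changed. The script below is an added example, not part of the original notes: it records SHA-256 and MD5 of each sample before the null byte is appended, confirms the hash changed afterwards, picks the next free number so an existing 1.exe is never overwritten, and writes a manifest mapping new name to original name and hashes. The sample directory and the manifest filename are assumptions.

```powershell
# Added example (not from the original notes).
# Assumptions: samples live in $SampleDir; manifest.csv is our own choice of name.
$SampleDir = "C:\Users\admin\Desktop\Samples"
$Manifest  = Join-Path $SampleDir "manifest.csv"

# Enumerate once, up front, so renaming inside the loop cannot feed renamed files back in.
$files = @(Get-ChildItem -Path $SampleDir -Filter *.exe -File)
$rows  = @()
$count = 1

foreach ($file in $files) {
    # Hashes of the untouched sample: these are what you would search for on VirusTotal.
    $sha256Before = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
    $md5Before    = (Get-FileHash -Path $file.FullName -Algorithm MD5).Hash

    # Append exactly one 0x00 byte to the end of the file.
    # -NoNewline stops Add-Content from also appending a line break.
    Add-Content -Path $file.FullName -Value "`0" -NoNewline

    $sha256After = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
    if ($sha256After -eq $sha256Before) {
        throw "Hash did not change for $($file.Name); append failed"
    }

    # Skip numbers that are already taken so nothing in the folder is clobbered.
    while (Test-Path (Join-Path $SampleDir "$($count).exe")) { $count++ }
    $newName = "$($count).exe"
    Rename-Item -Path $file.FullName -NewName $newName
    $count++

    $rows += [pscustomobject]@{
        NewName        = $newName
        OriginalName   = $file.Name
        OriginalSHA256 = $sha256Before
        OriginalMD5    = $md5Before
        ModifiedSHA256 = $sha256After
    }
}

# Keep the manifest next to the samples so each numbered file can be traced back.
$rows | Export-Csv -Path $Manifest -NoTypeInformation
$rows | Format-Table -AutoSize
```

Two caveats worth keeping in mind: a byte appended past the last section is never mapped by the Windows loader, so the sample still runs, but it does break any Authenticode signature the file carried; and changing the hash only defeats a lookup of the original report, the uploaded file itself is still scanned and shared under VirusTotal's normal terms.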

https://github.com/RockAfeller2013/arcsight_scripts/edit/master/WIN10Base

http://boxstarter.org/package/url?https://raw.githubusercontent.com/fireeye/flare-vm/master/flarevm_malware.ps1

https://www.fireeye.com/blog/threat-research/2017/07/flare-vm-the-windows-malware.html
https://digital-forensics.sans.org/community/papers/gcfa/windows-10-forensic-platform_13102

https://digital-forensics.sans.org/community/downloads

https://github.com/StefanScherer/adfs2

https://www.sans.org/reading-room/whitepapers/incident/deployment-flexible-malware-sandbox-environment-open-source-software-36207

https://github.com/nbeede/BoomBox

https://github.com/fireeye/commando-vm

https://layer0.xyz/malware_forensics/2020/04/14/Cuckoo_SIFT_With_Ansible/

https://www.travismathison.com/posts/Getting-started-FlareVM-Ghidra/

https://kastelo.net/blog/2017-05/coexisting-virtualbox-vmware-fusion-macos/

https://on24static.akamaized.net/event/36/40/68/4/rt/1/documents/resourceList1649099424605/malwareanalysisclassapril251650897453741.pdf

https://spaces.hightail.com/space/JnzBbq04yp/files