It supports 6 Java decompilers (JD-GUI/Core, Procyon, CFR, Fernflower, Krakatau, JADX-Core), it can easily edit Android APKs with its Smali/Baksmali and dex2jar integration. It integrates several free tools into the unified user interface. Java (and Android applications) decompiler, bytecode editor and compiler. 2: dnSpy and the obfuscated program debugging - function 7.3 decrypted the payload and returned the byte array, which can be dumped for further analysis (Hack The Box sample) Bytecode Viewer
It is also suitable as an educational tool because of its intuitive user interface with good support for cross-references from and to analyzed functions.īecause dnSpy is deprecated now, there are couple of alternatives: dotPeek, ILSpy or cross platform MonoDevelop which is available for. NET versions it is still sufficient, but we need to keep in mind that no new features or support for newer. On the other hand, the latest release is still available for download. However, in December 2020 it was discontinued and the Github repository was archived. NET debugger dnSpy was very popular tool used not only for malware analysis.
Nowadays this tool is almost archaic for someone. 1: Wireshark and analysis of the email sent by JobCrypter ransomware dnSpy This is especially useful in case of malware traffic analysis, when we want to analyze the communication with C&C server - with a SSL proxy we can intercept and decrypt its traffic.įig. Last, but not least, it can decrypt SSL/TLS traffic, if we provide private key associated with the server certificate. It supports powerful filters and thanks to the integration of plenty of the dissectors it can understand and parse a wide range of network protocols. It can do a realtime capture and analysis as well as dump the captured traffic for later offline analysis. Wireshark is the well known tool for analysis of network traffic and network protocols. This time, we focus on tools for analysis other types of the files instead of the native binaries from the previous blog. Moreover, we select the tools which are freely available. In the second part of our overview we continue with the selection of the most used and most usable malware analysis tools.
0 kommentar(er)
