Static Analysis

Bintext

Tool Bintext
URL BinText - aldeid
Target Windows EXE/PE files
Cost Free
Description - Finds ASCII, Unicode and Resource strings in a file.
useful for - finding unpacked/unencrypted strings in a file
similar Tools strings

CFF Explorer

Tool CFF Explorer
URL https://www.winitor.com/
Target Windows EXE/PE files
Cost Free
Description - shows header information
- import functions
- hex editor
- quick disassembler
useful for - general information about a PE file
similar Tools PEiD, PeStudio

PeStudio

Tool PeStudio
URL Explorer Suite – NTCore
Target Windows EXE/PE files
Cost Free
Description - checks the sample on VirusTotal
- import functions
- strings
- libraries
useful for - general information about a PE file
similar Tools PEiD, CFF Explorer

PEiD

Tool PEiD
URL PEiD - aldeid
Target Windows EXE/PE files
Cost Free
Description - Detects packers, decryptors and compilers
- Different scan modes
- normal: entry point and included signatures
- deep mode: increased detection ratio
- explore all the currently running processes
useful for - detect which packer was used to pack the binary
- detect known decryptors
similar Tools CFF Explorer, PeStudio

Resource Hacker

Tool Resource Hacker
URL http://www.angusj.com/resourcehacker/
Target Windows EXE/PE files
Cost Free
Description - viewing and editing resources in executables
- add, modify and replace resources (strings, images, dialogs, menus, VersionInfo and Manifest resources)
useful for - analyze resource files in binaries
similar Tools

PE-bear

Tool PE-bear
URL https://hshrzd.wordpress.com/pe-bear/
Target Windows EXE/PE files
Cost Free
Description - Its objective was to deliver a fast and flexible “first view” tool for malware analysts, stable and capable of handling malformed PE files.
useful for - analyze PE files
- rebuild Imports Table
similar Tools

apktool

Tool apktool
URL Apktool - A tool for reverse engineering 3rd party, closed, binary Android apps.
Target APK Files (binary Android apps)
Cost Free
Description - A tool for reverse engineering 3rd party, closed, binary Android apps.
useful for - analyze APK files
similar Tools

Detect it Easy

Tool Detect it easy
URL http://ntinfo.biz/index.html#detect_it_easy
Target Windows EXE/PE files
Cost Free
Description - detects packers
useful for - detecting packers like UPX etc.
similar Tools

Strings

Tool strings
URL
Target any file
Cost Free
Description - finds ASCII, Unicode strings in a file
useful for - quick check if there are strings in a file
similar Tools Bintext, FLOSS

FLOSS

Tool floss
URL https://www.fireeye.com/services/freeware/floss.html
Target any file
Cost Free
Description - finds ASCII, Unicode strings in a file
useful for - quick check if there are strings in a file
similar Tools Bintext, strings

Hash my files

Tool hash my files
URL HashMyFiles: Calculate MD5/SHA1/CRC32 hash of files
Target any file
Cost Free
Description - calculate MD5/SHA1/CRC32 hashes of your files
useful for - calculating the hash of a file and comparing it on VirusTotal
similar Tools md5sum, sha1sum, ...

ExeInfo PE

Tool ExeInfo PE
URL http://www.exeinfo.xn.pl/
Target Windows EXE/PE files
Cost Free
Description - Packer detector
- compressor detector
- unpack info
useful for - get a short overview of how the file was compiled, packed, ...
similar Tools Detect It Easy, PEiD

HxD

Tool HxD
URL mh-nexus
Target any file
Cost Free
Description - hex editor
useful for - view/edit the file in HEX mode
similar Tools any hex editor

FileAlyzer

Tool FileAlyzer
URL FileAlyzer - Spybot Anti-Malware and Antivirus : Spybot Anti-Malware and Antivirus
Target any file
Cost Free
Description - shows details about the file
- md5sum
- sha1sum
- MZ header
- PE header
- upload to VirusTotal
useful for - see details about the file
similar Tools PEiD, CFF Explorer, PeStudio

SSDEEP

Tool SSDEEP
URL ssdeep - Fuzzy hashing program
Target any file
Cost Free
Description - ssdeep is a program for computing context triggered piecewise hashes (CTPH). Also called fuzzy hashes, CTPH can match inputs that have homologies.
Such inputs have sequences of identical bytes in the same order, although bytes in between these sequences may be different in both content and length.
useful for - fuzzy hashing
similar Tools