REMnux Documentation

Unpacking

Statically Analyze Code

TrID

Identify file type using signatures.

Website: https://mark0.net/soft-trid-e.html
Author: Marco Pontello
License: Free, unknown license
Notes: trid, tridupdate
State File: remnux.tools.trid

Bytehist

Generate byte-usage histograms for all types of files, with a focus on PE files.

Website: https://www.cert.at/downloads/software/bytehist_en.html
Author: Christian Wojner: https://twitter.com/Didelphodon
License: ISC License: https://en.wikipedia.org/wiki/ISC_license
Notes: bytehist
State File: remnux.tools.bytehist

ClamAV

Scan files for malware signatures.

Website: https://www.clamav.net
Author: https://www.clamav.net/about
License: GNU General Public License (GPL): https://www.clamav.net/about
Notes: clamscan, freshclam
State File: remnux.packages.clamav-daemon

binwalk

Extract and analyze firmware images.

Website: https://github.com/ReFirmLabs/binwalk
Author: Craig Heffner, ReFirmLabs
License: IBM Public License, Common Public License, GNU General Public License (GPL) v2: https://www.sleuthkit.org/sleuthkit/licenses.php
Notes: MIT License: https://github.com/ReFirmLabs/binwalk/blob/master/LICENSE
State File: remnux.packages.binwalk

UPX

Pack and unpack PE files.

Website: https://upx.github.io
Author: Markus Oberhumer, Laszlo Molnar
License: GNU General Public License (GPL): https://github.com/upx/upx/blob/master/LICENSE
Notes: upx
State File: remnux.packages.upx-ucl


Last updated 4 years ago