Unpacking

Statically Analyze Code

Last updated 4 years ago

TrID

Identify file type using signatures.

Website: https://mark0.net/soft-trid-e.html
Author: Marco Pontello
License: Free, unknown license
Notes: trid, tridupdate
State File: remnux.tools.trid

Bytehist

Generate byte-usage histograms for all types of files, with a focus on PE files.

Website: https://www.cert.at/downloads/software/bytehist_en.html
Author: Christian Wojner: https://twitter.com/Didelphodon
License: ISC License: https://en.wikipedia.org/wiki/ISC_license
Notes: bytehist
State File: remnux.tools.bytehist

ClamAV

Scan files for malware signatures.

Website: https://www.clamav.net
Author: https://www.clamav.net/about
License: GNU General Public License (GPL): https://www.clamav.net/about
Notes: clamscan, freshclam
State File: remnux.packages.clamav-daemon

binwalk

Extract and analyze firmware images.

Website: https://github.com/ReFirmLabs/binwalk
Author: Craig Heffner, ReFirmLabs
License: IBM Public License, Common Public License, GNU General Public License (GPL) v2: https://www.sleuthkit.org/sleuthkit/licenses.php
Notes: MIT License: https://github.com/ReFirmLabs/binwalk/blob/master/LICENSE
State File: remnux.packages.binwalk

UPX

Pack and unpack PE files.

Website: https://upx.github.io
Author: Markus Oberhumer, Laszlo Molnar
License: GNU General Public License (GPL): https://github.com/upx/upx/blob/master/LICENSE
Notes: upx
State File: remnux.packages.upx-ucl