Cheatography
https://cheatography.com
Essential commands used with the REMnux Linux distribution for malware analysis
This is a draft cheat sheet. It is a work in progress and is not finished yet.
General information
Used mainly to read the compile date and time (the PE header TimeDateStamp) of the sample being examined; treat it as a hint only, since the field is trivially forged.
Imports & Exports
manalyze --dump=imports malware.exe
pedump --imports malware.exe
pedump --exports malware.exe
Headers/Sections
manalyze --dump=sections malware.exe
pedump --sections malware.exe
pedump --pe malware.exe
--mz, --rich and many more switches exist; check pedump --help.
Packer
pedump --packer-only malware.exe
Signature-based: an unknown packer produces no match, so also look at section names, sizes and write+execute flags (--sections) before concluding the sample is unpacked.
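The following is an added example, not code from this cheat sheet, REMnux, pedump or manalyze. It parses, from a constructed minimal PE image embedded in the script, the same fields the commands above report (the COFF TimeDateStamp the General information section reads, the section table from --sections, and the cheap packer red flags that a --packer-only miss should send you looking for). The byte layout follows the published PE/COFF format; the UPX-style sample image and the `build_pe`, `parse_pe` and `packer_indicators` helpers are assumptions made for the example.

```python
"""Read the PE header fields shown by `pedump --pe` / `--sections` and flag
packer indicators. Added example for this cheat sheet; not REMnux/pedump code."""
import struct
from datetime import datetime, timezone

# Section characteristics flags (PE/COFF specification).
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

MACHINE_NAMES = {0x014C: "i386", 0x8664: "amd64", 0x01C4: "armnt", 0xAA64: "arm64"}


def parse_pe(data: bytes) -> dict:
    """Return COFF header fields and the section table of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]   # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    sections = []
    off = coff + 20 + opt_size  # section table follows the optional header
    for _ in range(nsections):
        (name, vsize, vaddr, rawsize, rawptr, _r, _l, _nr, _nl,
         flags) = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_address": vaddr,
                         "raw_size": rawsize, "raw_pointer": rawptr,
                         "characteristics": flags})
        off += 40
    return {"machine": MACHINE_NAMES.get(machine, hex(machine)),
            "timestamp": timestamp,
            "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc),
            "characteristics": characteristics,
            "sections": sections}


def packer_indicators(pe: dict, now=None) -> list:
    """Heuristics (not a signature database): W+X sections, sections with
    virtual size but no raw data (an unpacking stub's target), UPX section
    names, and a zero or future TimeDateStamp."""
    now = now or datetime.now(timezone.utc)
    found = []
    if pe["timestamp"] == 0 or pe["compile_time"] > now:
        found.append("TimeDateStamp is zero or in the future (easily forged)")
    for s in pe["sections"]:
        c = s["characteristics"]
        if c & IMAGE_SCN_MEM_WRITE and c & IMAGE_SCN_MEM_EXECUTE:
            found.append(f"{s['name']}: writable and executable")
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            found.append(f"{s['name']}: no raw data but {s['virtual_size']:#x} bytes virtual")
        if s["name"].upper().startswith("UPX"):
            found.append(f"{s['name']}: UPX section name")
    return found


def build_pe(timestamp: int, sections: list) -> bytes:
    """Assemble a minimal PE image (DOS stub, COFF header, section table only)."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), timestamp, 0, 0, 0, 0x0022)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, vaddr,
                    rawsize, rawptr, 0, 0, 0, 0, flags)
        for name, vsize, vaddr, rawsize, rawptr, flags in sections)
    return dos + b"PE\0\0" + coff + table


# Constructed sample in the shape a UPX-packed binary leaves behind (assumption):
# UPX0 is empty on disk and filled at runtime, UPX1 holds stub plus packed data.
SAMPLE_TIMESTAMP = 1700000000  # 2023-11-14 22:13:20 UTC
RWX = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
SAMPLE = build_pe(SAMPLE_TIMESTAMP, [
    (b"UPX0", 0x30000, 0x1000, 0, 0x400, RWX),
    (b"UPX1", 0x8000, 0x31000, 0x7A00, 0x400, IMAGE_SCN_CNT_CODE | RWX),
    (b".rsrc", 0x1000, 0x39000, 0x600, 0x7E00, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
])
# Constructed clean layout for comparison.
CLEAN = build_pe(SAMPLE_TIMESTAMP, [
    (b".text", 0x2000, 0x1000, 0x2000, 0x400,
     IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (b".data", 0x800, 0x3000, 0x200, 0x2400, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
])

if __name__ == "__main__":
    info = parse_pe(SAMPLE)
    print(f"machine={info['machine']} compiled={info['compile_time']:%Y-%m-%d %H:%M:%S} UTC")
    for s in info["sections"]:
        print(f"{s['name']:<8} va={s['virtual_address']:#08x} vsize={s['virtual_size']:#08x} "
              f"raw={s['raw_size']:#08x} flags={s['characteristics']:#010x}")
    for warning in packer_indicators(info):
        print("!", warning)
```

Run it against the built-in sample, or replace `SAMPLE` with `open("malware.exe", "rb").read()` to compare its output with `pedump --pe` and `pedump --sections`; the compile time printed is the raw TimeDateStamp interpreted as UTC, which is exactly why a zero or future value is reported as an indicator rather than trusted.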
Resource
pedump --resources malware.exe
Lists the resources embedded in the sample.
pedump malware.exe --extract resource:0x4060 > extracted_resource
where 0x4060 is the offset of the resource (taken from the --resources listing) and extracted_resource is the output file the resource bytes are written to; analyse it as a separate sample, since embedded resources often hold a second-stage payload.
Exports
manalyze --dump=exports malware.dll
pedump --exports malware.dll