Analyzing malware
The tools for analysing malware range from simple hex editors and Interactive Disassemblers to GUI based tools that integrate online searching and analysis. Each incident will often dictate the specific tools or techniques utilized. A possible infection through a social engineering email that is in the process of infecting network systems may require analysts to work rapidly to identify the malware's behaviour and craft a solution to remove it.In other circumstances, a security control may have identified a file that it deems suspicious.With no active incident at hand, the incident response analysts may want to completely rip apart the code to determine if it had a specific purpose. In either case, the following tools are useful in assisting in the process but, by no means, it is the list all inclusive.
Note
There are several sites that provide sample malware for training and research. For example, in this chapter, two such samples were taken from malware-traffic-analysis...