Malware Analysis Tutorial

Resources to get you started:

  1. Introduction to Malware Analysis Webcast
  2. Using VMware for Malware Analysis
  3. Building a Malware Analysis Toolkit Using Free Tools

Basic Training/Tutorials Video:

  1. Windows ASM
  2. Linux ASM
  3. Buffer Overflow
  4. Format String Vulnerability
  5. Binary Auditing (Training Materials for University Lecturers)
Ms. Moneymany’s Mysterious Malware

Solutions to exercises:

Answers to the Ms. Moneymany’s puzzle.

All about Viruses

The Giant Black Book of Computer Viruses

Malware Analysis Tutorial:

The Legend of Random (Reverse Eng Tutorial)

Edgis Security

Dr. Fu's Security Blog (static and behavior analysis)

Malware Sample Sites:

KernelMode (focuses on Win32 and novel rootkit techniques). People occasionally post their unpacked executables here, which differ from the 'in the wild' executables they are seeking to drop on victims' computers, but they are interesting nonetheless; many rips of well-known techniques and software, ranging from TDL to Zeus, can be found at sites like this.

Malware URLs. This is a list I maintain myself and is updated daily. Here you will find many live malware samples. Be careful and don't open the URLs in a browser.

Open Malware. This is the new site for the old Offensive Computing, which has about 5.6 million samples. You will need to request access, but explain your research intention.

Malware Domain List

URL Query list of malware

VX Vault

Site Inspector (by Comodo)

Malc0de Database

Sucuri Malware Labs

Clean-MX Realtime Database

Sourcefire Vulnerability Research Team Labs

Zeus Tracker

NovCon Minotaur Analysis System

Tools for collecting malware:

Dionaea Honeypots

Thug – Client Side Honeypot

Analyzing Malware:

Binary Auditing Using IDA Pro Tutorial

Vadim Kotov analyzing Trojan Win32 Yakes

Other Blogs

Analyzing Malware from PCAP files – Networktotal

Malware evading Process Monitoring (Fireeye article)

Analysis of Flame (relationship with Duqu and Stuxnet)

Memory Dump Analysis Technical Analysis (Analyzing various malware)

Open Source Collection of Android Malware Analysis Tools – AndroGuard

Analyzing Unknown Malware

REMnux: A Linux Distribution for Reverse-Engineering Malware

Mandiant for malware research

Static Analysis

PeStudio from Winitor

NSA on Static Analysis

Video Tutorial:

Part I (from eLearnSecurity)

Part II (from eLearnSecurity)

Behavior Analysis Tools

Jaquelin Win32 Override Tools (API Hooking)

PE (Portable Executable)

Microsoft PE and COFF Spec

PEdump (online version)

Stud_PE (PE Viewer/Editor)

Shellcode Tutorial

Project Shellcode
Building your own packers

PE Obfuscator

UPX for executables

PE File Compressor/Protector

Unpacker Tools
Dynamic Binary Instrumentation

Intel Pin Tool
Reverse Engineering Tutorials & Tools

MEH Repository Indonesia

Woodman Crackz Tools

The Legend of Random

Malware Reversing Blog

Analysis of various Malware

Analysis of Zembro Bot

Malware that detects sandbox

Framer Analysis (by ESET)

Android Malware Analysis

Reversing Matsnu Malware Family

Gauss Malware (a cyber-espionage toolkit based on the Flame platform) Analysis

Reverse Engineering Tutorial

Malware Sandboxes:

GFI Malware Sandbox
Comodo CAMAS

Norman Sandbox
DELL SecureWorks Truman

Cuckoo Sandbox

Buster Sandbox Analyzer
Zero Wine

Norman Malware Analyzer G2

Joe Sandbox
Distributed Task Queue

Queuing Malware for Malware Analysis – Celery

Analyzing Malicious Websites:

My Web of Trust

Unmask Content

Hurl It

Urlquery

Urlvoid

Malware Classification/Clustering (online)

Simseer (Malware Similarity and Clustering) (Malware Behavior Analysis)

Data Mining Project (Classification of Packed Executables for Accurate Computer Virus Detection)
Experimenting with Honeypots Using The Modern Honey Network

Wordpot – WordPress Honeypot

Shockpot – WebApp Honeypot for detecting Shell Shock exploit attempts

Beeswarm – Active IDS made easy

Indicators of Compromise

IOC Scanner – LOKI
VM Detection tool – scoopyng