Malware Forensics: Investigating and Analyzing Malicious Code
Web Based Tools

July 10, 2009:

FEATURED TOOL: EXE_Dump_Utility is an online PE analysis tool that allows a user to upload a Windows EXE file or DLL and get a report of all the information included in it. The online tool is based upon Ero Carrera's well known Python PE file analysis utility, pefile.

July 8, 2009:
FEATURED TOOL: Flash Probe
Flash Probe is a free online tool that can parse flash files and display text, images and links found within. The tool will create HTML versions of your flash websites.

• Accepts uploaded SWF files or downloads them from URL
• Parses text from SWF
• Displays linked files from SWF
• Displays all pictures embedded in SWF file
• Creates an HTML version from the text and links found in your flash file. This feature is useful to create a search engine friendly version of your website.
• Shows text search engines will index from your SWF file.
July 1, 2009:
FEATURED TOOL: RE Portal
RE Portal is a work in progress and under construction. Self-described as "[a] central repository for reverse engineering tools. REportal contains a comprehensive set of reverse engineering tools to profile and data mine source code and software systems," the portal currently only supports Java source code.

June 30, 2009:
FEATURED TOOL: Malicious URL Scanners: There are a number of online services that scan URLs for malware and blacklisting, including:

1) LinkScanner
2) Finjan
3) Dasient Web Anti-Malware
4) McAfee Site Advisor
5) VirusChief
6) Scandoo

April 4, 2009:
FEATURED TOOL: Filterbit Online Virus Scanning Portal
"Filterbit™ is a free service where you can upload files for scanning, analysis and identification by multiple antivirus engines. Filterbit facilitates rapid detection of viruses, trojans, worms and other malware that may be contained within your uploaded files. In many cases, Filterbit can also scan, analyze and individually identify multiple files contained within a file archive such as Winzip, WinRar, PKZip and other types. Filterbit also analyzes the types of each uploaded file such as Microsoft Word, PDF, TXT and other types and reports this in a human readable format."

April 3, 2009:
FEATURED TOOL: DNSCog DNS Diagnostic Suite
DNSCog is a suite of free DNS diagnostics tools, including a comprehensive DNS report tool, WHOIS lookup, traceroute and DNS query.

March 13, 2009:
FEATURED TOOLS: Team Cymru Tools
Malware Hash Registry:
The Malware Hash Registry (MHR) project is a look-up service similar to the Team Cymru IP address to ASN mapping project. This project differs, however, in that the user can query the service for a computed MD5 or SHA-1 hash of a file and, if it is malware in the MHR data set, the user is provided with information relating to the last time the malware was seen, along with an approximate anti-virus detection percentage.

Botnet Analysis and Tactical Tool (BATTLE) for Law Enforcement:
The Botnet Analysis and Tactical Tool for Law Enforcement (BATTLE) displays IRC and HTTP botnet data on an interactive world map in near real time. It is intended to provide enough information to enable law enforcement to identify botnets and attacks that are of interest to them.
The Bank Identification Number (BIN) Feed:
BIN Feed comprises a near-real-time list of bank accounts and credit cards that have been identified by Team Cymru as potentially compromised. This data comes from Team Cymru's unique insight into the Underground Economy. This service is provided to verified financial institutions at no cost to them.

December 14, 2008:
Virus Total updates: Virus Total, the online malicious code scanning service, has added some great features to its scanning engines and output, including packing detection with PEiD; file identification using Marco Pontello's TrID; PE structure information output; and contextual piecewise hashing using Jesse Kornblum's ssdeep. It would be interesting if Virus Total used the matching functionality of ssdeep to compare a submitted specimen with previous submissions and provided output identifying related/similar specimens.