Quick Malware Analysis

Not fully understanding a malware threat before eradicating it can be a grave mistake. Formatting or re-imaging a computer without fully understanding the threat will often just lead to that computer being infected again, and the threat to other computers on your network will still be present. Even a small amount of analysis effort can dramatically help protect your organization from further infection or targeting.

If you use a corporate AV product, send samples to your vendor for malware that is not being detected. They will often come back with a custom update for your organization which can be pushed out to all installs on your network. Analyze firewall and system logs to see where the malware came from and what it is connecting to. This data can be fed into your firewall to block future connections and also can turn up other computers that may be infected.
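As an added illustration of the log-pivoting step above (example code, not from the original post), the following Python takes firewall log lines in a constructed format, lists the external destinations one known-infected host reached, and then finds the other internal hosts that contacted the same destinations. The log line format, the 10.0.0.0/8 internal range and every address in the sample are assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed log format for this example (not any real vendor's format):
# "<timestamp> <ACTION> <src_ip>:<src_port> -> <dst_ip>:<dst_port>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range

def parse(lines):
    """Return (src, dst, dport) tuples; malformed lines are skipped, not fatal."""
    out = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            out.append((m["src"], m["dst"], int(m["dport"])))
    return out

def external_destinations(records, infected_host):
    """External addresses the known-infected host reached (block-list candidates).
    Denied attempts count too: a blocked beacon still reveals an infection."""
    return {dst for src, dst, _ in records
            if src == infected_host and ipaddress.ip_address(dst) not in INTERNAL}

def other_hosts_contacting(records, destinations, infected_host):
    """Other internal hosts that reached the same destinations: likely also infected."""
    hits = defaultdict(set)
    for src, dst, _ in records:
        if (dst in destinations and src != infected_host
                and ipaddress.ip_address(src) in INTERNAL):
            hits[dst].add(src)
    return dict(hits)

# Constructed sample log; 10.0.1.20 is the host already known to be infected.
SAMPLE_LOG = [
    "2024-01-10T09:00:01 ALLOW 10.0.1.20:51234 -> 203.0.113.7:443",
    "2024-01-10T09:00:05 ALLOW 10.0.1.20:51235 -> 10.0.0.5:445",
    "2024-01-10T09:01:10 DENY 10.0.1.20:51240 -> 198.51.100.9:8080",
    "2024-01-10T09:02:00 ALLOW 10.0.1.33:49152 -> 203.0.113.7:443",
    "2024-01-10T09:02:30 ALLOW 10.0.2.8:49153 -> 198.51.100.9:8080",
    "2024-01-10T09:03:00 ALLOW 10.0.1.40:49154 -> 192.0.2.10:443",
    "garbage line that does not match the format",
]

if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    suspect = external_destinations(recs, "10.0.1.20")
    print(sorted(suspect), other_hosts_contacting(recs, suspect, "10.0.1.20"))
```

The internal-to-internal connection (port 445 to 10.0.0.5) is deliberately excluded from the block list but is exactly the kind of lateral movement worth checking separately in system logs.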

A number of tools are now available to quickly analyze malware samples and give you the most information for little effort. Below are a few tools that I have found useful in analyzing different malware samples:

This is not an exhaustive list by any means; however, these are tools I have found useful and that have saved me a lot of time and pain.