Use DIE (Detect It Easy) and CFF Explorer to conduct the static analysis.
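The first thing DIE and CFF Explorer show for a sample is its section table, and the quickest packing indicator is an executable section with near-random content. The following added example (not code from the page or from either tool) walks the DOS header, PE signature, COFF header and section table by hand and flags executable sections whose Shannon entropy is at or above 7.0 bits per byte. The sample image is constructed inline: a `.text` section full of NOPs beside a writable, executable `UPX1`-style section of pseudo-random bytes; the 7.0 threshold and the section names are assumptions for illustration.

```python
import math
import random
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for uniform data, close to 8.0 for random data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Follow e_lfanew to the PE signature, skip the optional header, read every section header."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    sec_table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        # IMAGE_SECTION_HEADER is 40 bytes
        name, _vsize, vaddr, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", pe, sec_table + 40 * i)
        raw = pe[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "raw_size": rawsize,
            "entropy": round(shannon_entropy(raw), 2),
            "executable": bool(chars & IMAGE_SCN_MEM_EXECUTE),
            "writable": bool(chars & IMAGE_SCN_MEM_WRITE),
        })
    return sections


def packer_indicators(sections: list, threshold: float = 7.0) -> list:
    """Names of executable sections whose content looks compressed or encrypted."""
    return [s["name"] for s in sections if s["executable"] and s["entropy"] >= threshold]


def build_sample_pe() -> bytes:
    """Constructed test image (not a real binary): minimal headers plus two sections."""
    rng = random.Random(1)
    text_data = b"\x90" * 4096                                   # NOP sled, entropy 0
    packed_data = bytes(rng.getrandbits(8) for _ in range(4096))  # pseudo-random, entropy ~7.95
    opt_size = 96                                                 # PE32 optional header
    headers_len = 0x40 + 4 + 20 + opt_size + 40 * 2
    data_start = (headers_len + 0x1FF) // 0x200 * 0x200           # align raw data to 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)       # Magic = PE32, rest zeroed

    def sec(name, vaddr, data, rawptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, len(data), vaddr, len(data), rawptr,
                           0, 0, 0, 0, chars)

    secs = sec(b".text", 0x1000, text_data, data_start, IMAGE_SCN_MEM_EXECUTE | 0x20)
    secs += sec(b"UPX1", 0x2000, packed_data, data_start + len(text_data),
                IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE | 0x40)
    image = dos + b"PE\0\0" + coff + opt + secs
    image += b"\0" * (data_start - len(image))
    return image + text_data + packed_data


if __name__ == "__main__":
    secs = parse_sections(build_sample_pe())
    for s in secs:
        print(f"{s['name']:<8} rva=0x{s['virtual_address']:x} size={s['raw_size']} "
              f"entropy={s['entropy']} X={s['executable']} W={s['writable']}")
    print("packer indicators:", packer_indicators(secs))
```

Entropy alone is a heuristic: resource-heavy or compressed-data sections also score high, so the check is combined with the executable flag and, in practice, with the import table size and entry-point section that the same tools display.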
Reverse C/C++
Reverse C#
After decompiling
Export the decompiled code to Microsoft Visual Studio or Visual Studio Code, set up a remote server, and try to debug the source code. Other tools for debugging:
- API Monitor
- OllyDbg ⇢ attach to the process for debugging
- Wireshark
Others
Feodo Tracker
Feodo Tracker tracks botnet C&Cs associated with Emotet (aka Heodo), Dridex, TrickBot and QakBot
feodotracker.abuse.ch
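The practical use of a C&C tracker on the defending side is matching its blocklist against egress logs. The added example below (not code from the page or from abuse.ch) loads a CSV feed, indexes it by destination IP, and reports every outbound connection that hit a listed C2, noting whether the port also matched and whether the entry was still online. The feed and firewall lines are constructed samples using documentation IP ranges; the column layout is assumed to follow the Feodo Tracker ipblocklist.csv header, and the log line format is an invented one for the example.

```python
import csv
import re

# Constructed sample feed (no real data). Column layout assumed to match
# the Feodo Tracker ipblocklist.csv header; verify against the live download.
FEED_CSV = """# Feodo Tracker botnet C2 IP blocklist (constructed sample)
first_seen_utc,dst_ip,dst_port,c2_status,last_online,malware
2024-01-05 10:11:12,203.0.113.10,443,online,2024-01-06,Dridex
2024-01-02 08:00:00,198.51.100.77,8080,offline,2024-01-03,QakBot
2024-01-07 12:30:00,192.0.2.55,443,online,2024-01-08,TrickBot
"""

# Constructed firewall log, invented format: "<date> <time> <src>:<sport> -> <dst>:<dport> <action>"
FW_LOG = """2024-01-08 09:15:01 10.0.0.23:51234 -> 203.0.113.10:443 ALLOW
2024-01-08 09:16:44 10.0.0.23:51240 -> 198.51.100.5:443 ALLOW
2024-01-08 09:17:10 10.0.0.41:49001 -> 198.51.100.77:8080 BLOCK
2024-01-08 09:18:02 10.0.0.41:49002 -> 192.0.2.55:80 ALLOW
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<action>\w+)$")


def load_feed(text: str) -> dict:
    """Map dst_ip -> list of C2 entries, skipping the feed's '#' comment lines."""
    rows = [line for line in text.splitlines() if line and not line.startswith("#")]
    feed = {}
    for row in csv.DictReader(rows):
        feed.setdefault(row["dst_ip"], []).append({
            "port": int(row["dst_port"]),
            "status": row["c2_status"],
            "malware": row["malware"],
        })
    return feed


def match_log(log_text: str, feed: dict) -> list:
    """Return one hit per (log line, feed entry) pair whose destination IP is listed."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line; a production job would count these
        entries = feed.get(m["dst"])
        if not entries:
            continue
        dport = int(m["dport"])
        for e in entries:
            hits.append({
                "ts": m["ts"], "src": m["src"], "dst": m["dst"], "dport": dport,
                "port_match": e["port"] == dport,   # same IP on another port still matters
                "malware": e["malware"], "c2_status": e["status"], "action": m["action"],
            })
    return hits


def affected_hosts(hits: list) -> set:
    """Internal sources that talked to any listed C2; these are the hosts to triage."""
    return {h["src"] for h in hits}


if __name__ == "__main__":
    feed = load_feed(FEED_CSV)
    for h in match_log(FW_LOG, feed):
        print(f"{h['ts']} {h['src']} -> {h['dst']}:{h['dport']} {h['action']} "
              f"family={h['malware']} c2_status={h['c2_status']} port_match={h['port_match']}")
    print("hosts to triage:", sorted(affected_hosts(match_log(FW_LOG, feed))))
```

A blocked connection to a listed C2 is still a finding: the host attempted the beacon, so it is treated as infected until shown otherwise, and an offline entry only means the tracker last saw the C2 down, not that the implant is gone.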
GitHub – hasherezade/pe-sieve: scans a given process, recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
Linux Tricks