Ever wondered how security researchers work out where a piece of malware came from and how it spreads? Most of the time they take the executable (or whatever file format the sample arrived in) apart with a disassembler or decompiler, because the code is usually packed, encrypted or obfuscated and tells you nothing until it has been unpacked and read at the instruction level. Retoolkit, a ready-made bundle of code analysis and decompilation tools, makes setting up for that work easy.
Retoolkit, short for Reverse Engineer's Toolkit, is a collection of tools for anyone who wants to disassemble, decompile and analyze malware on x86 and x64 Windows. You could download each program from its official website and install it yourself, but the Retoolkit installer saves a lot of time, and the tools come preconfigured for x86 and x64: x64dbg ships with a few plugins, the command-line tools work from any directory, and so on. Install it in a virtual machine rather than on your everyday system, since the samples you analyze can and will execute, and a slip while debugging can infect the host. After installation you get the following widely used tools:
- .NET: de4dot, dnSpy
- Compilers: fasm (The flat assembler)
- Debuggers: x64dbg (Plugin %AppFolder%\x64dbg\scripts)
- Decompilers: Exe2Aut, Ghidra, IDR, JD-GUI, myAutToExe, Recaf
- Document analysis: OfficeMalScanner
- Hexadecimal editors: Fhex, ImHex, rehex
- PE analyzers: capa, Detect It Easy, FLOSS, PE-Bear, pestudio, pev
- PE resources editors: Resource Hacker
- Process monitors: API Monitor, FileGrab, Process Hacker, System Explorer
- Signature tools: YARA
- Unpacking: NoVmp, UPX, XVolkolak
- Utilities: beware ircd, CyberChef, Error Lookup, manw, SSView, vt-cli, winapiexec
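The "encrypted or messed-up" code mentioned in the introduction is what PE analyzers such as Detect It Easy and pestudio flag through section entropy: compressed or encrypted payloads look close to random, so their sections score near 8 bits per byte, while ordinary code and data sit far lower. The following Python script is an added example, not part of Retoolkit or this article, that performs that check with the standard library alone. It builds a constructed two-section PE image in memory (headers and section table only, not a loadable program) so it runs offline; the 7.0 threshold and the `UPX1` section name are conventions chosen for the demo.

```python
from __future__ import annotations

import math
import struct
from dataclasses import dataclass

# Sections at or above this entropy (bits per byte) are usually packed or encrypted.
PACKED_THRESHOLD = 7.0


@dataclass
class Section:
    name: str
    raw_offset: int
    raw_size: int
    entropy: float


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list[Section]:
    """Walk the DOS header, PE signature, COFF header and section table; score each section's raw data."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)          # offset of the PE signature
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsec, _ts, _symtab, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", pe, coff)
    sec_table = coff + 20 + opt_size                          # section headers follow the optional header
    sections = []
    for i in range(nsec):
        off = sec_table + i * 40                              # IMAGE_SECTION_HEADER is 40 bytes
        name, _vsize, _va, raw_size, raw_ptr, _pr, _pl, _nr, _nl, _ch = struct.unpack_from(
            "<8sIIIIIIHHI", pe, off
        )
        data = pe[raw_ptr:raw_ptr + raw_size]
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"),
                                raw_ptr, raw_size, shannon_entropy(data)))
    return sections


def packed_sections(pe: bytes, threshold: float = PACKED_THRESHOLD) -> list[str]:
    """Names of non-empty sections whose entropy suggests compression or encryption."""
    return [s.name for s in parse_sections(pe) if s.raw_size and s.entropy >= threshold]


def build_sample_pe(sections: dict[str, bytes]) -> bytes:
    """Constructed minimal PE32 image: just enough headers for a section walk, not runnable code."""
    opt_size = 0xE0                                           # size of a PE32 optional header
    nsec = len(sections)
    headers_len = 0x40 + 4 + 20 + opt_size + 40 * nsec
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)   # PE32 magic, rest zeroed
    table, body, raw_ptr = b"", b"", headers_len
    for name, data in sections.items():
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             len(data), 0x1000, len(data), raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += data
        raw_ptr += len(data)
    return dos + b"PE\0\0" + coff + opt + table + body


# Constructed sample: a low-entropy code-like section and a section filled with every byte value
# (entropy exactly 8.0), which is what a UPX-packed payload looks like to an analyzer.
SAMPLE_PE = build_sample_pe({
    ".text": b"mov eax, ebx ; ret ; nop " * 64,
    "UPX1": bytes(range(256)) * 16,
})


if __name__ == "__main__":
    for s in parse_sections(SAMPLE_PE):
        flag = "PACKED?" if s.entropy >= PACKED_THRESHOLD else ""
        print(f"{s.name:8} off=0x{s.raw_offset:x} size={s.raw_size:6} entropy={s.entropy:.2f} {flag}")
```

Run it on a real sample by replacing `SAMPLE_PE` with `open(path, "rb").read()`; a high-entropy `UPX0`/`UPX1` pair is the classic hint to reach for the UPX unpacker from the list above, while high entropy in a section with an unfamiliar name is the cue for XVolkolak or a manual unpack in x64dbg.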
The GitHub repository does not contain a prebuilt installer; what you will see in the source tree are *.iss files, the Inno Setup scripts the author uses to build it. Download the ready-made installer from the repository's Releases page.
The toolkit will not cover every case, so for a more complete setup you may want to add tools such as OllyDbg, IDA, HexEdit, WinMerge, CFF Explorer, Scylla, and so on.