REMnux, A Linux Distro For Malware Analysis
There are many people out there that want to start malware analysis and reverse engineering, but don’t know where to start, so this article intention is to show everybody interested in malware analysis a Linux lightweight distro for doing malware analysis with reverse engineering tools. This distribution is called REMnux, it is based on Ubuntu and it is maintained by Lenny Zelster, a business and tech leader with extensive experience in information technology and security.
Do you want to know what is inside the pdf file that someone attached to the email? What does this executable do? Does it do what it says it does, or it connects us to an unknown machine? If you want to answer this questions, then REMnux is the best friend for you, REMnux offers a various number of tools for analyzing malicious software and files, such as malicious exe files, browser based malware and pdf files. You can also use specific REMnux tools to perform analysis on Flash programs and obfuscated Java script.
The good news about REMnux is that all tools included in it are free and well known in the malware analysis industry. So all you need is a book to read or articles on the internet about reverse engineering and learn how to use the tools. It is all up on you! REMnux was originally released in 2010 and it has been updated to version 4 in April 2013. Where can I download REMnux? There are two choices about the download, you can choose to download download the REMnux distribution as a virtual appliance archive and as an ISO image of a Live CD. You can find the downloads link listed below.
- OVF/OVA virtual appliance: remnux-4.0-ovf-public.ova
- VMware virtual appliance: remnux-4.0-vm-public.zip
- ISO image of a Live CD: remnux-4.0-live-cd.iso
To install the virtual appliance you need a virtualization software, the REMnux virtual appliance is compatible with many virtualization tools, such as VMware Player, VMware Workstation, VMware Fusion and VirtualBox. So before running remnux-4.0-ovf-public.ova you need one of these virtualization tools. I recommend using VMware, but as always it is up to you on which one to use. Now what to tell about the iso image file? I think you know what to do with it, go and burn it! (Not on fire guys :D)