Detect It Easy (Flare VM)
Detect It Easy is a free cross-platform program to analyze files you load into the application. It detects, among other things, the compiler and linker used, signatures, and other information about files.
The program has been designed specifically to reveal file signatures and how they are packed.
The program supports over 200 different file types that it can analyze, and defines (currently) the following file types: MSDOS, PE executable files for Windows, ELF executable files for Linux, MACH executable files for Mac OS, text files and binary files.
The Windows version of the program is portable and can be run right after it has been downloaded and unpacked to the local system.
Steps
- Right-click the sample and execute Detect It Easy (DIE). This tool provides information about the file, such as its architecture, significant headers, packer used, and strings. In this task, we will only utilise the basic functionalities of Detect It Easy to gain the basic information needed to analyse the binary. If you want to learn more about this tool, you may refer to this link.
  Upon opening, we will immediately discover the binary's architecture and the executable packer used.
  Packing malware is a common technique used by malware developers to compress, obfuscate or encrypt the binary. With this, contents such as significant strings and headers will not be immediately visible to static analysis tools. (Once the packer is identified, you can install it, unpack the file and run further analysis with [CAPA]([[4 - CAPA]]) and [Process Monitor]([[5 - Process Monitor]]).)
- You may test this information by doing the following:
  - View the strings from Detect It Easy, which shows an overwhelming number of strings that are not that significant for investigation.
- Note: Strings are pieces of text inside a binary, often containing information such as IP addresses, URLs, or file names used by the malicious program.
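As an added example (not part of this note or of Detect It Easy itself), a small Python triage script that reproduces the two observations above: it extracts printable strings the way DIE's strings view does and filters them for the indicators mentioned (URLs, IP addresses, file names), and it measures byte entropy, a heuristic that is assumed here as a complement to DIE's signature-based packer detection. Both inputs are constructed buffers, not real samples.

```python
import math
import random
import re
from collections import Counter

# Constructed inputs (not real samples): PLAIN mimics an unpacked binary's data
# with readable indicators; PACKED is uniformly random bytes, standing in for a
# compressed/encrypted section in which such strings are no longer visible.
PLAIN = (b"\x00" * 16 + b"http://example.invalid/update\x00"
         + b"192.0.2.10\x00" + b"C:\\Users\\Public\\svc.dll\x00" + b"\x00" * 16)
_rng = random.Random(1337)
PACKED = bytes(_rng.randrange(256) for _ in range(4096))

# URL, dotted-quad IP, or a .dll/.exe file name: the indicator types the note lists.
INDICATOR_RE = re.compile(r"https?://|\b\d{1,3}(?:\.\d{1,3}){3}\b|\.(?:dll|exe)\b", re.I)

def shannon_entropy(data: bytes) -> float:
    """Bits per byte (0.0-8.0). Compressed or encrypted data sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def extract_strings(data: bytes, min_len: int = 5) -> list:
    """Printable-ASCII runs of at least min_len chars, like DIE's strings view."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.decode("ascii") for m in pattern.findall(data)]

def triage(data: bytes) -> dict:
    """Summarise a quick static look: entropy, string count, notable indicators."""
    entropy = shannon_entropy(data)
    strings = extract_strings(data)
    indicators = [s for s in strings if INDICATOR_RE.search(s)]
    return {
        "entropy": round(entropy, 2),
        "string_count": len(strings),   # random data still yields junk strings
        "indicators": indicators,
        # High entropy with no readable indicators is the classic packed-file picture.
        "likely_packed": entropy > 7.0 and not indicators,
    }

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN), ("packed", PACKED)):
        print(name, triage(blob))
```

The packed buffer still produces strings, just none that are useful, which is exactly what the overwhelming but insignificant strings list in DIE looks like for a packed sample.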