FireEye Releases VM Malware Tool

Friday, July 28, 2017 @ 11:07 AM gHale


FireEye released software that creates a fully customizable virtual machine (VM) for malware analysis.

FireEye Labs Advanced Reverse Engineering (FLARE) is a Windows-based security distribution developed by FireEye threat researcher Peter Kacherginsky to address the challenges associated with maintaining a custom VM.


FLARE was inspired by open-source Linux-based security distributions like Kali Linux, REMnux and others, Kacherginsky said in a blog post.

It has a comprehensive collection of security tools that can be used to conduct malware analysis, reverse engineering, incident response, forensic investigations and penetration testing.

It also includes disassemblers, debuggers, decompilers, static and dynamic analysis, exploitation, vulnerability assessment, and network analysis tools.

To install FLARE VM, users need a virtual machine with Windows 7 or a newer version of the operating system. From the VM, they need to visit a URL in Internet Explorer and the installation starts.

The process takes 30-40 minutes, depending on the connection speed, and it involves several restarts of the system.

Once the installation has been completed, users are advised to make a snapshot of the VM to save its clean state and switch networking settings to Host-Only in order to prevent the analyzed malware samples from connecting to the local network or the Internet.


