Getting back into the game: exe analysis tools suggestions

Hey all,

It’s been about 2 years since I’ve been active in the security scene, and I’ve got the itch again, wanting to pick it back up.

I’m looking for a soft push in the right direction, specifically with something I’m currently looking at which has me interested. I’ve been sent an exe file, and I know briefly what it does, but I’m wanting to gather the following information. If anyone has any suggestions on apps or methods, please let me know, and I’ll go off and do the research.

  • I’m not sure what language the code is, within the exe I’ve been sent.

  • What’s an efficient method of determining the language?

  • I’ve been using Wireshark to determine the IP’s which are being contacted after launching the exe, is there better/more prefered methods now? What do other people use?

  • How can I determine what exactly the exe is doing on the system? I’d like to know what files on the disk are being accessed by it, and if any changes on the system have been made. Are there any recommendations for tools to use to perform this?
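On the question of working out what language an exe was written in: a quick static pass over the PE headers already narrows it down before any sandbox or Wireshark run. The script below is an added example, not something from the thread; it reads the COFF/optional header fields, checks whether the CLR header data directory (index 14) is populated, which marks a .NET assembly, and scans for a few constructed toolchain marker strings. The `build_sample` helper fabricates a headers-only PE image purely so the code runs offline; the marker list is a heuristic, not an authoritative signature set.

```python
"""Static triage of a Windows PE: guess the toolchain/language from headers.

Added example with constructed test data. Heuristics: a non-zero CLR header
data directory (index 14) means a .NET assembly; marker strings hint at the
runtime or compiler. These are hints, not proof (packers and strings lie).
"""
import struct

MARKERS = {  # constructed list of common runtime/toolchain marker strings
    b"go build id:": "Go",
    b"mscoree.dll": ".NET (CLR loader import)",
    b"msvcr": "MSVC C runtime",
    b"vcruntime": "MSVC C runtime",
    b"libgcc": "GCC/MinGW",
    b"rustc": "Rust",
    b"pyinstaller": "Python (PyInstaller)",
}

def triage_pe(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsections = struct.unpack_from("<HH", data, coff)
    opt = coff + 20                        # COFF header is 20 bytes
    magic, link_major, link_minor = struct.unpack_from("<HBB", data, opt)
    is_pe32plus = magic == 0x20B
    dd_off = opt + (112 if is_pe32plus else 96)   # start of data directories
    clr_rva, clr_size = struct.unpack_from("<II", data, dd_off + 14 * 8)
    low = data.lower()
    hints = sorted({lang for m, lang in MARKERS.items() if m in low})
    if clr_rva and clr_size:
        hints.insert(0, ".NET (CLR header present)")
    return {
        "arch": {0x14C: "x86", 0x8664: "x64", 0xAA64: "arm64"}.get(machine, hex(machine)),
        "pe32plus": is_pe32plus,
        "linker": f"{link_major}.{link_minor}",
        "sections": nsections,
        "language_hints": hints,
    }

def build_sample(clr: bool) -> bytes:
    """Constructed minimal PE32 (headers + a marker string) for offline tests."""
    hdr = bytearray(0x40); hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)               # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 14, 0)        # PE32, linker 14.0
    if clr:
        struct.pack_into("<II", opt, 96 + 14 * 8, 0x2008, 0x48)
    tail = b"mscoree.dll\0_CorExeMain" if clr else b"MSVCR120.dll\0"
    return bytes(hdr) + b"PE\0\0" + coff + bytes(opt) + tail
```

Run it on a real file with `triage_pe(open(path, "rb").read())`; treat the output as a starting point for picking a decompiler (e.g. a .NET decompiler versus a native disassembler), not as a verdict.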

Go to SANS.org (the SANS Institute); there is a forensic package (Linux, open source) by one of their instructors.

John Hammond has some great videos on the topic of reverse engineering files.

A certain three letter agency released some very effective tools to decompile executables.

John has a video on that as well.

Much appreciated guys! This has helped me out a ton, thank you <3