
malware-analyst

Expert malware analyst specializing in defensive malware research, threat intelligence, and incident response. Masters sandbox analysis, behavioral analysis, and malware family identification. Handles static/dynamic analysis, unpacking, and IOC extraction. Use PROACTIVELY for malware triage, threat hunting, incident response, or security research.
aiskillstore/marketplace · ★ 329 · Data & Documents · score 82
Install: claude install-skill aiskillstore/marketplace
```
# File identification
file sample.exe
sha256sum sample.exe

# String extraction
strings -a sample.exe | head -100
floss sample.exe            # Obfuscated strings

# Packer detection
diec sample.exe             # Detect It Easy
exeinfope sample.exe

# Import analysis
rabin2 -i sample.exe
dumpbin /imports sample.exe
```

### Phase 3: Static Analysis

1. **Load in disassembler**: IDA Pro, Ghidra, or Binary Ninja
2. **Identify main functionality**: Entry point, WinMain, DllMain
3. **Map execution flow**: Key decision points, loops
4. **Identify capabilities**: Network, file, registry, process operations
5. **Extract IOCs**: C2 addresses, file paths, mutex names

### Phase 4: Dynamic Analysis

```
1. Environment Setup:
   - Windows VM with common software installed
   - Process Monitor, Wireshark, Regshot
   - API Monitor or x64dbg with logging
   - INetSim or FakeNet for network simulation

2. Execution:
   - Start monitoring tools
   - Execute sample
   - Observe behavior for 5-10 minutes
   - Trigger functionality (connect to network, etc.)

3. Documentation:
   - Network connections attempted
   - Files created/modified
   - Registry changes
   - Processes spawned
   - Persistence mechanisms
```

## Use this skill when

- Working on file identification tasks or workflows
- Needing guidance, best practices, or checklists for file identification

## Do not use this skill when

- The task is unrelated to file identification
- You need a different domain or tool outside this scope

## Instructions

-
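The file-identification commands above (`file`, `sha256sum`, `strings`, `diec`) and the IOC-extraction step of Phase 3 can be reproduced in a single offline triage pass, which is useful when the sample must not leave the analysis VM or the tools are not installed. The following is an added example written for this page, not code from the skill or its marketplace. It uses only the Python standard library: magic-byte file typing, SHA-256, narrow and UTF-16LE string extraction (the reason `floss` beats plain `strings` on Windows binaries), a PE section-table walk, and a Detect-It-Easy-style packer heuristic based on section names and Shannon entropy. The sample it runs on is constructed in the block itself: a PE-shaped byte layout with a plaintext section carrying placeholder IOCs (`c2.example.invalid`, `Global\ConstructedMutex`) and a high-entropy section named like UPX, generated from SHA-256 output; the packer section-name list is an assumption drawn from common packer conventions, not an exhaustive signature set.

```python
"""Added example: stdlib-only triage pass (type, hash, strings, packer indicators)."""
from __future__ import annotations

import hashlib
import math
import re
import struct

# Magic-byte table for container types commonly seen in triage.
MAGIC = {
    b"MZ": "PE/DOS executable",
    b"\x7fELF": "ELF executable",
    b"%PDF": "PDF document",
    b"PK\x03\x04": "ZIP container (Office OOXML, JAR, APK)",
    b"\xd0\xcf\x11\xe0": "OLE2 compound document (legacy Office)",
}
# Section names used by well-known packers/protectors (assumed list, not exhaustive).
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".petite", ".vmp0", ".vmp1"}


def identify(data: bytes) -> str:
    """Equivalent of `file`: match the leading magic bytes."""
    for magic, description in MAGIC.items():
        if data.startswith(magic):
            return description
    return "unknown"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 means compressed/encrypted, plain code is usually 5 to 6.5."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def extract_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Like `strings -a`, plus UTF-16LE strings, which plain `strings` misses."""
    narrow = [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]
    wide = [m.decode("utf-16le") for m in re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)]
    return narrow + wide


def pe_sections(data: bytes) -> list[dict]:
    """Walk the PE section table and score each section's raw bytes for entropy."""
    if not data.startswith(b"MZ") or len(data) < 0x40:
        return []
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        return []
    nsec = struct.unpack_from("<H", data, pe_off + 6)[0]      # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                             # section table follows optional header
    sections = []
    for i in range(nsec):
        off = table + i * 40                                   # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break                                              # truncated header: stop, don't crash
        name, _vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, off)
        raw = data[rptr:rptr + rsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "raw_size": rsize,
            "entropy": round(shannon_entropy(raw), 2),
        })
    return sections


def packer_indicators(sections: list[dict]) -> list[str]:
    """Cheap packer heuristics: known section names and high per-section entropy."""
    hits = []
    for s in sections:
        if s["name"] in PACKER_SECTION_NAMES:
            hits.append(f"section {s['name']}: name used by a known packer")
        if s["raw_size"] and s["entropy"] > 7.0:
            hits.append(f"section {s['name']}: entropy {s['entropy']} (>7.0, compressed or encrypted)")
    return hits


def triage(data: bytes) -> dict:
    """One report covering the file-identification checklist."""
    sections = pe_sections(data)
    return {
        "file_type": identify(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "strings": extract_strings(data),
        "sections": sections,
        "packer_indicators": packer_indicators(sections),
    }


def build_constructed_sample() -> bytes:
    """Constructed, non-runnable PE-shaped bytes: a plaintext section with
    placeholder IOCs and a high-entropy section named like UPX output."""
    text = b"\0\0".join([
        b"kernel32.dll", b"CreateFileW",
        b"http://c2.example.invalid/check-in",       # placeholder C2 URL, not a real IOC
        b"Global\\ConstructedMutex",
        "ConstructedSample.exe".encode("utf-16le"),  # wide string, as Windows binaries store them
    ]).ljust(512, b"\0")
    packed = b"".join(hashlib.sha256(b"constructed-%d" % i).digest() for i in range(128))  # 4096 bytes
    hdr = bytearray(0x400)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                                   # e_lfanew -> PE header
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x14C, 2, 0, 0, 0, 0, 0x0102)     # COFF header, 2 sections
    struct.pack_into("<8sIIIIIIHHI", hdr, 0x58, b".text", 512, 0x1000, 512, 0x200, 0, 0, 0, 0, 0x60000020)
    struct.pack_into("<8sIIIIIIHHI", hdr, 0x80, b"UPX1", 4096, 0x2000, 4096, 0x400, 0, 0, 0, 0, 0xE0000040)
    hdr[0x200:0x400] = text
    return bytes(hdr) + packed


if __name__ == "__main__":
    import json
    report = triage(build_constructed_sample())
    report["strings"] = [s for s in report["strings"] if "." in s or "\\" in s]  # drop noise for display
    print(json.dumps(report, indent=2))
```

Running it on the constructed sample reports the type and hash, the placeholder URL and mutex among the strings, the wide-string file name that an ASCII-only pass would miss, and two packer indicators for the `UPX1` section (its name and its entropy near 8.0) while the `.text` section scores low. On a real packed sample the string list is mostly junk runs from the compressed section, which is exactly why the checklist follows string extraction with packer detection and unpacking before static analysis.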