Have you ever wondered how security researchers work out where malicious code comes from and how it spreads? Usually they decompile the malicious file, whether an .exe or another file type, back into readable source code, because most malware is encrypted or obfuscated. Retoolkit, a bundle of source analysis and decompilation tools, makes this much easier.
Retoolkit, aka Reverse Engineer's Toolkit, is a collection of tools for anyone who wants to decompile and analyse malware on x86 and x64 Windows systems. You can of course download each program from its official website and install it yourself, but downloading the Reverse Engineer's Toolkit saves a lot of time compared with installing everything manually. The tools also come preconfigured for x86 and x64, so you get things like x64dbg with a few plugins, command line tools that work from any directory, and so on. It is best to install the toolkit on a virtual machine, because analysing malicious code can affect the real machine. After installing it you will have the following widely used tools:
- .NET: de4dot, dnSpy
- Compilers: fasm (The flat assembler)
- Debuggers: x64dbg (Plugin %AppFolder%x64dbgscripts)
- Decompilers: Exe2Aut, Ghidra, IDR, JD-GUI, myAutToExe, Recaf
- Document analysis: OfficeMalScanner
- Hexadecimal editors: Fhex, ImHex, rehex
- PE analyzers: capa, Detect It Easy, FLOSS, PE-Bear, pestudio, pev
- PE resources editors: Resource Hacker
- Process monitors: API Monitor, FileGrab, Process Hacker, System Explorer
- Signature tools: YARA
- Unpacking: NoVmp, UPX, XVolkolak
- Utilities: beware ircd, CyberChef, Error Lookup, manw, SSView, vt-cli, winapiexec
The source shared on GitHub is not a built package: when you browse the repository you will see *.iss files, which are the Inno Setup scripts the author uses to build the installer. To get the installer itself, download it from the Releases page.
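To show what such an Inno Setup script looks like, here is a small example of the kind of *.iss file the repository contains. It is an added illustration written for this article, not a file from the Retoolkit repository; the application name, the `bin` folder, the tool file names and the install path are all assumptions. It also shows one way an installer can make command line tools usable from any directory, by appending the install folder to the system PATH only when it is not already there.

```iss
; Example Inno Setup script (illustrative, not the project's own .iss file).
; Assumed layout: a "bin" folder next to this script holding the tools to ship.

[Setup]
AppName=Example RE Toolkit
AppVersion=0.1
DefaultDirName={autopf}\ExampleRETK
OutputBaseFilename=example-retk-setup
Compression=lzma
SolidCompression=yes
; Writing to HKLM below requires an elevated installer
PrivilegesRequired=admin

[Files]
; Copy every file under bin\ (assumed folder) into <install dir>\bin
Source: "bin\*"; DestDir: "{app}\bin"; Flags: ignoreversion recursesubdirs

[Icons]
; Start-menu shortcut to an assumed tool shipped in bin\
Name: "{group}\Example Tool"; Filename: "{app}\bin\exampletool.exe"

[Registry]
; Append <install dir>\bin to the machine-wide PATH so the command line
; tools work from any directory. The Check function prevents duplicates
; when the installer is run more than once.
Root: HKLM; Subkey: "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"; \
  ValueType: expandsz; ValueName: "Path"; ValueData: "{olddata};{app}\bin"; \
  Check: NeedsAddPath(ExpandConstant('{app}\bin'))

[Code]
// Returns True when Param is not yet present in the system PATH.
function NeedsAddPath(Param: string): Boolean;
var
  OrigPath: string;
begin
  if not RegQueryStringValue(HKEY_LOCAL_MACHINE,
       'SYSTEM\CurrentControlSet\Control\Session Manager\Environment',
       'Path', OrigPath) then
  begin
    Result := True;
    exit;
  end;
  // Surround both sides with ';' so "C:\x" does not match "C:\xyz"
  Result := Pos(';' + Param + ';', ';' + OrigPath + ';') = 0;
end;
```

Compiling a script like this with the Inno Setup compiler produces a single setup executable, which is the same kind of artefact you download from the project's Releases page instead of building it yourself.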
This toolkit may not be enough for every decompilation job; if you want to round it out, you can install additional tools such as OllyDbg, IDA, Hexedit, WinMerge, CFF Explorer, Scylla …