| Remnux | A Linux Toolkit for Malware Analysis |
| Capa | capa detects capabilities in executable files. You run it against a PE, ELF, .NET module, shellcode file, or a sandbox report and it tells you what it thinks the program can do. For example, it might suggest that the file is a backdoor, is capable of installing services, or relies on HTTP to communicate. |
| Resource Hacker | A freeware resource compiler & decompiler for Windows® applications |
| PE-bear | PE-bear is a multiplatform reversing tool for PE files. Its objective is to deliver fast and flexible “first view” for malware analysts, stable and capable to handle malformed PE files. |
| Unpac me | Automated malware unpacking and artifact extraction |
| Detect It Easy (DiE) | Program for determining types of files for Windows, Linux and MacOS. |
| string sifter | StringSifter is a machine learning tool that automatically ranks strings based on their relevance for malware analysis. |
| procdot | ProcDOT is a powerful tool for visual malware analysis that integrates data from tools like Sysinternals' Procmon and network sniffers. It creates interactive graphs to visualize and correlate malware activities, including thread injection detection and network interaction. |
| Recorded Future Triage | Free, public Sandbox |