FLARE VM: a Windows-based security distribution for malware analysis, incident response and…

A fully configured platform with open source tools

FLARE VM is a freely available, open-source Windows-based security distribution for reverse engineering, malware analysis, incident response, forensic analysis, and penetration testing.

FLARE VM delivers a fully configured platform with a comprehensive collection of Windows security tools such as debuggers, disassemblers, decompilers, static and dynamic analysis utilities, network analysis and manipulation, web assessment, exploitation, vulnerability assessment applications, and many others.


Installed Tools

Debuggers

  • OllyDbg + OllyDump + OllyDumpEx
  • OllyDbg2 + OllyDumpEx
  • x64dbg
  • WinDbg

Disassemblers

  • IDA Free
  • Binary Ninja Demo

Java

  • JD-GUI

Visual Basic

  • VBDecompiler

Flash

  • FFDec

.NET

  • ILSpy
  • DNSpy
  • DotPeek
  • De4dot

Office

  • Offvis

Hex Editors

  • FileInsight
  • HxD
  • 010 Editor

PE

  • PEiD
  • ExplorerSuite (CFF Explorer)
  • PEview
  • DIE

Text Editors

  • SublimeText3
  • Notepad++
  • Vim

Utilities

  • MD5
  • 7zip
  • Putty
  • Wireshark
  • RawCap
  • Wget
  • UPX
  • Sysinternals Suite
  • API Monitor
  • SpyStudio
  • Checksum
  • Unxutils

Python, Modules, Tools

  • Python 2.7
  • Hexdump
  • PEFile
  • Winappdbg
  • FakeNet-NG
  • Vivisect
  • FLOSS
  • FLARE_QDB
  • PyCrypto
  • Cryptography

Other

  • VC Redistributable Modules (2008, 2010, 2012, 2013)

Installation

Create and configure a new Windows 7 or newer Virtual Machine (my suggestion: get it from https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/).

The installation script is a Boxstarter script that deploys the FLARE VM configuration and a collection of Chocolatey packages.

The easiest way to run the script is to use Boxstarter’s web installer as follows:

  1. On the newly created VM, open the following URL in Internet Explorer (other browsers are not going to work):

http://boxstarter.org/package/url?[FLAREVM_SCRIPT]

where FLAREVM_SCRIPT is a path or URL to the respective FLARE VM script. For example, to install the malware analysis edition:

http://boxstarter.org/package/url?https://raw.githubusercontent.com/fireeye/flare-vm/master/flarevm_malware.ps1

or if you have downloaded and copied the installation script to the local C drive:

http://boxstarter.org/package/url?C:\flarevm_malware.ps1

  2. Copy install.bat and flarevm_malware.ps1 to the newly created VM and execute install.bat.
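Both routes execute a script taken from the master branch, which can change between installs, so it helps to fetch a local copy, record its hash and see what it references before handing it to Boxstarter. The PowerShell below is an added example, not code from the FLARE VM project. It assumes Windows PowerShell 5.1 or later, and the helper names Save-ReviewedScript and Get-ScriptRemoteRef and the optional expected hash are hypothetical.

```powershell
# Added example, not FLARE VM project code. Assumes Windows PowerShell 5.1+.
# Save-ReviewedScript and Get-ScriptRemoteRef are hypothetical helper names.
$ErrorActionPreference = 'Stop'

function Save-ReviewedScript {
    param(
        [string]$Uri = 'https://raw.githubusercontent.com/fireeye/flare-vm/master/flarevm_malware.ps1',
        [string]$Destination = 'C:\flarevm_malware.ps1',
        [string]$ExpectedSha256   # hash recorded at your last review; omit on first run
    )
    # Windows PowerShell may not offer TLS 1.2 by default, so request it explicitly.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    Invoke-WebRequest -Uri $Uri -OutFile $Destination -UseBasicParsing

    $actual = (Get-FileHash -Path $Destination -Algorithm SHA256).Hash
    if ($ExpectedSha256 -and ($actual -ne $ExpectedSha256)) {
        Remove-Item -Path $Destination      # do not leave an unreviewed copy behind
        throw "Hash mismatch for ${Uri}: got $actual, expected $ExpectedSha256"
    }
    return $actual
}

function Get-ScriptRemoteRef {
    param([string]$Path = 'C:\flarevm_malware.ps1')
    # List every URL the script mentions (package feeds, downloads) for review.
    Select-String -Path $Path -Pattern 'https?://[^\s''")]+' -AllMatches |
        ForEach-Object {
            $hit = $_
            foreach ($m in $hit.Matches) {
                [pscustomobject]@{
                    Line      = $hit.LineNumber
                    Url       = $m.Value
                    Plaintext = $m.Value -like 'http://*'   # plain HTTP reference
                }
            }
        }
}

# Run elevated (writing to C:\ needs it) or pick another destination.
$dest = 'C:\flarevm_malware.ps1'
$hash = Save-ReviewedScript -Destination $dest
"SHA256 of local copy: $hash"
Get-ScriptRemoteRef -Path $dest | Format-Table -AutoSize

# After reading the script, install from the local copy (URL form from the page).
"http://boxstarter.org/package/url?$dest"
```

On later rebuilds, pass the recorded value as -ExpectedSha256 so that a changed script stops the install until it has been reviewed again.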

More information and downloads

https://github.com/fireeye/flare-vm

 
