FLARE VM – a fully customizable, Windows-based security distribution for malware analysis, incident response, penetration testing, etc..

Installed Tools

Android

• dex2jar
• apktool

Debuggers

• flare-qdb
• scdbg
• OllyDbg + OllyDump + OllyDumpEx
• OllyDbg2 + OllyDumpEx
• x64dbg
• WinDbg + OllyDumpex + pykd

Decompilers

• RetDec

Delphi

• Interactive Delphi Reconstructor (IDR)

Developer Tools

• VC Build Tools
• NASM

Disassemblers

• Ghidra
• IDA Free (5.0 & 7.0)
• Binary Ninja Demo
• radare2
• Cutter

.NET

• de4dot
• Dot Net String Decoder (DNSD)
• dnSpy
• DotPeek
• ILSpy
• RunDotNetDll

Flash

• FFDec

Forensic

• Volatility
• Autopsy

Hex Editors

• FileInsight
• HxD
• 010 Editor

Java

• JD-GUI
• Bytecode-Viewer
• Java-Deobfuscator

JavaScript

• malware-jail

Networking

• FakeNet-NG
• ncat
• nmap
• Wireshark

Office

• Offvis
• OfficeMalScanner
• oledump.py
• rtfdump.py
• msoffcrypto-crack.py

PDF

• PDFiD
• PDFParser
• PDFStreamDumper

PE

• PEiD
• ExplorerSuite (CFF Explorer)
• PEview
• DIE
• PeStudio
• PEBear
• ResourceHacker
• LordPE
• PPEE(puppy)

Pentest

• Windows binaries from Kali Linux

Powershell

• PSDecode

Text Editors

• SublimeText3
• Notepad++
• Vim

Visual Basic

• VBDecompiler

Web Application

• BurpSuite Free Edition
• HTTrack

Utilities

• FLOSS
• HashCalc
• HashMyFiles
• Checksum
• 7-Zip
• Far Manager
• Putty
• Wget
• RawCap
• UPX
• RegShot
• Process Hacker
• Sysinternals Suite
• API Monitor
• SpyStudio
• Shellcode Launcher
• Cygwin
• Unxutils
• Malcode Analyst Pack (MAP)
• XORSearch
• XORStrings
• Yara
• CyberChef
• KernelModeDriverLoader
• Process Dump
• Exe2Aut
• Innounp
• InnoExtract
• UniExtract2
• Hollows-Hunter
• PE-sieve
• ImpRec
• ProcDot

Python, Modules, Tools

• Py2ExeDecompiler
• pyinstxtractor
• Python 2.7
  • hexdump
  • pefile
  • winappdbg
  • pycryptodome
  • vivisect
  • binwalk
  • capstone-windows
  • unicorn
  • oletools
  • olefile
  • unpy2exe
  • uncompyle6
  • pycrypto
  • pyftpdlib
  • pyasn1
  • pyOpenSSL
  • ldapdomaindump
  • pyreadline
  • flask
  • networkx
  • requests
  • msoffcrypto-tool
  • yara-python
  • mkyara
• Python 3.7
  • binwalk
  • unpy2exe
  • uncompyle6
  • StringSifter
  • hexdump
  • pycryptodome
  • oletools
  • olefile
  • msoffcrypto-tool
  • pyftpdlib
  • pyasn1
  • pyOpenSSL
  • acefile
  • requests
  • yara-python
  • mkyara

Other

• VC Redistributable Modules (2005, 2008, 2010, 2012, 2013, 2015, 2017)
• .NET Framework versions 4.8
• Practical Malware Analysis Labs
• Google Chrome
• Cmder

Changelog v2.3.3

New packages:

• java-deobfuscator-gui.fireeye
• AutoItExtractor.fireeye
• Autopsy.fireeye
• pyinstxtractor.fireeye
• ImpRec.fireeye
• procdot.fireeye
• rtfdump.fireeye
• msoffcrypto-crack.fireeye
• PSDecode.fireeye
• burp.free.fireeye
• fiddler.fireeye
• HTTrack.fireeye
• malware-jail.fireeye
• capa.fireeye

Installation

Clone the repo

git clone https://github.com/fireeye/flare-vm.git

Create and configure a new Windows 7 or newer Virtual Machine. To install FLARE VM on an existing Windows VM, download and copy install.ps1 on your analysis machine. On the analysis machine open PowerShell as an Administrator and enable script execution by running the following command:

Set-ExecutionPolicy Unrestricted

Finally, execute the installer script as follows:

.\install.ps1

The script will set up the Boxstarter environment and proceed to download and install the FLARE VM environment. You will be prompted for the Administrator password in order to automate host restarts during installation.

Installing a new package

FLARE VM uses the chocolatey public and custom FLARE package repositories. It is easy to install a new package. For example, enter the following command as Administrator to deploy x64dbg on your system:

cinst x64dbg

Staying up to date

Type the following command to update all of the packages to the most recent version:

cup all

Source: https://github.com/fireeye/