Reputation: 13
I am looking for recommendations in each of the categories for easy-to-use debuggers fit for Portable Executable (native/non-.NET) malware analysis.
Upvotes: 1
Views: 1254
Reputation: 121
If you can't get away with the GUI experience with OllyDbg, you can use x64dbg for 32- and 64-bit. There are also useful plugins. I usually use IDA Pro for static analysis.
Upvotes: 0
Reputation: 11953
In the free category, Olly is the King. If you're using Win XP or older, SoftICE is fantastic as well, though finding a copy of it can be difficult these days.
In the paid category it is IDA Pro, hands down. Chris Eagle wrote an excellent book that shows you how to do advanced reverse engineering with IDA.
Also, to clarify Marco's answer: UPX can only be used to unpack executables that were packed with UPX in the first place. Many malware binaries exceeding modest sophistication use custom packing techniques, which cannot be reversed using UPX.
Upvotes: 3
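A small triage check, added here and not part of any of the answers above, that makes the UPX point concrete: it parses only the PE section table (never executing the sample) and reports the two cheap UPX indicators, the UPX0/UPX1 section names and the "UPX!" tag, so an analyst knows before running `upx -d` whether the tool even applies. The `build_sample_pe` helper is a constructed test fixture, not a real binary; a custom packer leaves neither indicator, which is exactly the limitation described above.

```python
"""UPX pre-check for PE files: read headers only, no execution of the sample."""
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
UPX_MARKER = b"UPX!"   # tag UPX leaves in the header area of files it packs


def pe_sections(data: bytes):
    """Return [(name, virtual_size, virtual_address, raw_size, raw_ptr), ...]
    for every section header in a PE image; raise ValueError on malformed input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER layout: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        off = table + i * 40                      # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        name = data[off:off + 8].rstrip(b"\0")
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append((name, vsize, vaddr, rsize, rptr))
    return sections


def upx_indicators(data: bytes) -> dict:
    """Report UPX indicators. Section names can be renamed by the author, so the
    marker is checked separately; a custom packer normally matches neither."""
    secs = pe_sections(data)
    names = [s[0] for s in secs]
    upx_names = [n for n in names if n in UPX_SECTION_NAMES]
    marker = UPX_MARKER in data
    # UPX0 is the unpack destination: large virtual size, zero bytes on disk
    empty_big = [n for (n, vsize, _va, rsize, _rp) in secs if rsize == 0 and vsize > 0]
    return {
        "section_names": [n.decode("ascii", "replace") for n in names],
        "upx_sections": [n.decode("ascii", "replace") for n in upx_names],
        "upx_marker": marker,
        "empty_but_mapped": [n.decode("ascii", "replace") for n in empty_big],
        "likely_upx": bool(upx_names) or marker,
    }


def build_sample_pe(sections, marker: bool) -> bytes:
    """Constructed minimal PE32 for exercising the checks above (test fixture,
    not a real program). `sections` is a list of (name, vsize, vaddr, rsize, rptr)."""
    opt_size = 0xE0                                   # PE32 optional header size
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x014C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    table = b"".join(
        name.ljust(8, b"\0") + struct.pack("<IIII", vs, va, rs, rp) + bytes(16)
        for name, vs, va, rs, rp in sections
    )
    tail = b"\0" * 8 + (UPX_MARKER if marker else b"\0" * 4) + b"\0" * 16
    return bytes(dos) + b"PE\0\0" + coff + opt + table + tail


if __name__ == "__main__":
    packed = build_sample_pe(
        [(b"UPX0", 0x10000, 0x1000, 0, 0),
         (b"UPX1", 0x5000, 0x11000, 0x4000, 0x400),
         (b".rsrc", 0x1000, 0x16000, 0x200, 0x4400)], marker=True)
    custom = build_sample_pe(
        [(b".text", 0x2000, 0x1000, 0x2000, 0x400),
         (b".data", 0x1000, 0x3000, 0x200, 0x2400)], marker=False)
    for label, blob in (("upx-style", packed), ("custom", custom)):
        print(label, upx_indicators(blob))
```

On a real file, pass `open(path, "rb").read()` to `upx_indicators`; a result with `likely_upx` false means `upx -d` will refuse the file and the unpacking has to be done in the debugger (dump after the unpacking stub finishes), which is where Olly or IDA come in.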
Reputation: 36
There is a free Windows debugger (msdn.microsoft.com/en-us/windows/hardware/gg463009).
But you can unpack .exe files with UPX (upx.sourceforge.net) --> open source, and use a widely used free debugger (http://www.ollydbg.de/) --> my recommendation
One paid tool to work with Portable Executables is PE Explorer (www.heaventools.com/overview.htm)
Another great tool is IDA (https://www.hex-rays.com/products/ida/support/tutorials/unpack_pe/manual.shtml) --> my recommendation
Upvotes: 0