Utilities
Easy-to-setup IRC server. Useful when analysing IRC-based malware.
A web app that runs locally and provides a set of useful tools like converters (base64, ROT13, etc).
Nice simple tool to show description from error codes used by Windows API. It supports input both in decimal or hexadecimal prefixed a 0x prefix.
Have you ever needed manpages-like documentation for Windows API functions? Now you have it. You can also see the structures like _PEB and others.
Structured Storage Viewer is a program to open any structured storage files. From a malware analyst / reverser point of view, good examples include old Microsoft Office documents (.doc, .xls, etc) and MSI (Microsoft Installer Packages). These files use the Compound Binary Format and are known by many names (CBF, CFBF, CDF, OLE, OLE2, etc). I know it's confusing. 😞
If you are analyzing MSI files, be aware that they support CustomAction tables. Both SSView and 7Zip are able to extract streams from a MSI package.
Everything you do in VirusTotal web UI from the command-line.
Call any Windows API function from the command-line. Examples:
winapiexec user32.dll@MessageBox 0 "World!" "Hello" 0
Shorter way:
winapiexec u@MessageBox 0 "World" "Hello" 0
kernel32.dll is the default if you don't specify a DLL:
winapiexec @Sleep 0x3e8
It also supports nested functions. Check the author website.