FLARE VM is the first reverse engineering and malware analysis distribution of its kind on the Windows platform. It covers everything you need to get started in malware analysis professionally. Since its introduction in July 2017, FLARE VM has been continuously trusted and used by many reverse engineers, malware analysts, and security researchers as their go-to environment for analyzing malware. Just like the ever-evolving security industry, FLARE VM has gone through many major changes to better support its users' needs. FLARE VM now has a new installation, upgrade, and uninstallation process, a long-anticipated feature requested by users. FLARE VM also includes many new tools such as IDA 7.0, radare2 and YARA. This post shares those updates, especially the new installation process.
Let's set it up
FLARE VM is designed to be installed on Windows 7 Service Pack 1 or newer, so you can pick whichever version of Windows best suits your needs. From this point forward, all installation steps should be performed inside your VM. If you need a Windows VM image, you can download one from Microsoft: https://developer.microsoft.com/en-us/microsoft-edge/tools/vms
Once you have a Windows VM, download the compressed FLARE VM repository onto it: https://github.com/fireeye/flare-vm
Now start Windows PowerShell with administrator privileges ("Run as administrator").
Then change into the extracted flare-vm directory, e.g.: cd C:\Users\IEUser\Downloads\flare-vm-master
Enable the unrestricted execution policy for PowerShell by running: Set-ExecutionPolicy unrestricted
Start the installation: .\install.ps1
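The four manual steps above, wrapped into one elevated PowerShell script. This is an added example, not the FLARE VM project's own installer or a file from the repository: it checks that the shell is actually elevated and that install.ps1 is where you expect before touching the execution policy, records the previous policy so you can restore it after the last reboot, and then launches the installer exactly as the post does. The extraction path is an assumption taken from the example above; change it to wherever you unpacked the archive.

```powershell
# Added example: drives the manual FLARE VM install steps from one elevated session.
# Not part of the flare-vm repository. Assumed extraction path, adjust as needed.
$flareDir = 'C:\Users\IEUser\Downloads\flare-vm-master'

# Step 1: the installer needs an elevated shell ("Run as administrator"); refuse to continue otherwise.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Start PowerShell with "Run as administrator" before running this script.'
}

# Step 2: change into the extracted repository, verifying install.ps1 is really there
# (a wrong path is the most common reason the next command silently does nothing).
$installer = Join-Path $flareDir 'install.ps1'
if (-not (Test-Path $installer)) {
    throw "install.ps1 not found in $flareDir; extract the flare-vm archive there first."
}
Set-Location $flareDir

# Step 3: allow unsigned scripts, as the post does. This changes the machine-wide policy
# and persists across the installer's reboots, so note the old value first; once the
# install has finished you can put it back with: Set-ExecutionPolicy <old value>
$previousPolicy = Get-ExecutionPolicy
Write-Host "Current execution policy: $previousPolicy (will be set to Unrestricted)"
Set-ExecutionPolicy Unrestricted -Force

# Step 4: run the installer. It reboots the VM several times and, when done,
# leaves the prompt open waiting for a key press.
.\install.ps1
```

Because the installer reboots the VM, nothing after `.\install.ps1` in this script is guaranteed to run; restoring the execution policy is therefore left as a manual step once the desktop appears.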
The rest of the installation process is fully automated. Depending on your internet speed, the entire installation may take up to one hour to finish. The VM also reboots multiple times because several of the packages require it. Once the installation completes, the PowerShell prompt remains open, waiting for you to hit any key before exiting. After the installation finishes, you will be presented with the following desktop environment:
Congratulations! You have successfully installed FLARE VM.
Here is an incomplete list of some of the major tools available on FLARE VM:
Disassemblers:
- IDA Free 5.0 and IDA Free 7.0
- Binary Ninja
- Radare2 and Cutter
Debuggers:
- OllyDbg and OllyDbg2
- x64dbg
- WinDbg
File format parsers:
- CFF Explorer, PEView, PEStudio
- PDFStreamDumper, pdf-parser, pdfid
- ffdec
- OffVis and OfficeMalScanner
- PE-bear
Decompilers:
- RetDec
- JD-GUI and bytecode-viewer
- dnSpy
- IDR
- VBDecompiler
- Py2ExeDecompiler
Monitoring tools:
- Sysinternals suite
- Regshot
Utilities:
- Hex editors (010 Editor, HxD and FileInsight)
- FLOSS (FireEye Labs Obfuscated String Solver)
- FakeNet-NG
- YARA
- Malware Analyst Pack
We strongly recommend using FLARE VM inside a virtualized environment for malware analysis, so that your physical device and network are isolated from any malicious activity. This post assumes you already have experience setting up and configuring your own virtualized environment. Happy reversing!
Thanks, FireEye.