Connect with us

Hi, what are you looking for?



FireEye Releases Free Malware Analysis Toolbox

FireEye has released a piece of software that creates a fully customizable virtual machine (VM) containing all the tools and tweaks needed for malware analysis and other cybersercurity-related tasks.

FireEye has released a piece of software that creates a fully customizable virtual machine (VM) containing all the tools and tweaks needed for malware analysis and other cybersercurity-related tasks.

FLARE VM – where FLARE stands for FireEye Labs Advanced Reverse Engineering – is a Windows-based security distribution inspired by Linux distros such as Kali and REMnux. It was developed by FireEye threat researcher Peter Kacherginsky in order to address the challenges associated with maintaining a custom VM.

It provides a platform that includes a comprehensive collection of security tools that can be used to conduct malware analysis, reverse engineering, incident response, forensic investigations and penetration testing. It includes disassemblers, debuggers, decompilers, static and dynamic analysis, exploitation, vulnerability assessment, and network analysis tools.

In order to install FLARE VM, users need a virtual machine with Windows 7 or a newer version of the operating system. From the VM, they need to visit a URL in Internet Explorer and the installation starts. The process takes 30-40 minutes, depending on the connection speed, and it involves several restarts of the system.

Once the installation has been completed, users are advised to make a snapshot of the VM to save its clean state and switch networking settings to Host-Only in order to prevent the analyzed malware samples from connecting to the local network or the Internet.


According to FireEye, users can easily customize their FLARE VM installation as it is built using the Chocolatey package management system. Users can choose tools from both the Chocolatey repository and FireEye’s FLARE repository, which is continually expanded.

Ensuring that the tools included in FLARE VM are up to date is also easy. Running the command “cup all” will update all the installed packages.

FireEye has made available usage instructions and source code on GitHub. A blog post published by the company also provides an example for how FLARE VM can be used to analyze a malware sample.

Advertisement. Scroll to continue reading.

Related: Kaspersky Releases Open Source Digital Forensics Tool

Related: Cisco Releases Open Source Malware Signature Generator

Related: Google’s Binary Comparison Tool “BinDiff” Available for Free

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.