Often I have trouble getting a fresh Windows 7 install working with malware analysis tools.
If you do too, follow these steps:
- Install Windows 7 Family Premium SP1
- Install the valid root certificate: http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt
- Install the KB update that adds SHA-2 support (KB3033929): https://www.microsoft.com/fr-fr/download/details.aspx?id=46148
- Install .NET 4.8: https://dotnet.microsoft.com/en-us/download/dotnet-framework/net48
- Enable script execution in PowerShell (in an admin PowerShell):
Set-ExecutionPolicy Unrestricted
- Download the PowerShell update (KB3191566): https://docs.microsoft.com/fr-fr/powershell/scripting/windows-powershell/wmf/setup/install-configure?view=powershell-7.2
- Decompress the archive and execute the script Install-WMF5.1.ps1
- Install FLARE VM (https://github.com/mandiant/flare-vm): execute install.ps1
- The Sysinternals suite installed by FLARE VM won't work. You have to install an old version of Sysinternals (https://www.afterdawn.com/software/system_tools/system_information/sysint_suite.cfm/july_18,_2012#all_versions)
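A check to run in the admin PowerShell before launching FLARE VM's install.ps1, confirming that the prerequisites from the steps above are in place. It is an added example, not part of the original post or of FLARE VM. The function names, the certificate subject match and the .NET Release threshold (528040, from Microsoft's .NET Framework version documentation) are assumptions.

```powershell
# Added example: verifies the prerequisites listed in the steps above.
# Written to also run on the stock PowerShell 2.0 of a fresh Windows 7 SP1.

function New-Check($Name, $Ok, $Detail) {
    New-Object PSObject -Property @{ Check = $Name; Ok = [bool]$Ok; Detail = "$Detail" }
}

function Test-AnalysisVmPrereqs {
    # Root certificate from the first step, matched by subject (assumption:
    # the .crt installs "Microsoft Root Certificate Authority 2011").
    $root = Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { $_.Subject -like '*Microsoft Root Certificate Authority 2011*' }
    New-Check 'Root certificate 2011' $root 'Cert:\LocalMachine\Root'

    # SHA-2 code-signing update. A later rollup may supersede it, so a miss
    # on a patched system is a prompt to look closer, not a hard failure.
    $kb = Get-HotFix -Id 'KB3033929' -ErrorAction SilentlyContinue
    New-Check 'KB3033929 (SHA-2)' $kb 'Get-HotFix'

    # .NET Framework 4.8 reports a Release value of 528040 or higher.
    $ndp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' `
        -ErrorAction SilentlyContinue
    $release = if ($ndp) { $ndp.Release } else { 0 }
    New-Check '.NET Framework 4.8' ($release -ge 528040) "Release=$release"

    # WMF 5.1 (KB3191566) raises the engine version to 5.1.
    $psv = $PSVersionTable.PSVersion
    New-Check 'PowerShell 5.1 (WMF 5.1)' ($psv -ge [version]'5.1') "PSVersion=$psv"

    # Execution policy as set in the steps above.
    $policy = Get-ExecutionPolicy
    New-Check 'Execution policy' ($policy -eq 'Unrestricted') "Policy=$policy"
}

$results = @(Test-AnalysisVmPrereqs)
$results | Select-Object Check, Ok, Detail | Format-Table -AutoSize

$missing = @($results | Where-Object { -not $_.Ok })
if ($missing.Count -gt 0) {
    Write-Warning ("Fix before running install.ps1: " +
        (($missing | ForEach-Object { $_.Check }) -join ', '))
}
```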
If you don't want the flare-vm tools, I recommend at least the following ones:
https://hex-rays.com/ida-free/
https://github.com/mandiant/capa
https://sourceforge.net/projects/regshot/
For Windows 7, use an old version of Sysinternals: https://www.afterdawn.com/software/system_tools/system_information/sysint_suite.cfm/july_18,_2012#all_versions
https://github.com/hasherezade/pe-bear-releases
https://github.com/processhacker/processhacker
https://www.winitor.com/features
https://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/PEiD-updated.shtml