> A quick look at my reversing VM!

(12/20/2025), 2-minute read ⏰

Since my last post on reversing WannaCry, I took the liberty to set up a proper reversing setup. I already had virt-manager set up on my Arch Linux host (btw), so why not, I dunno, ACTUALLY USE IT FOR SOMETHING USEFUL AND PRODUCTIVE.

The amazing Dodo on the OALabs Discord server mentioned a neat installer of RE tools, called retoolkit. It comes with a lot of nice tools, most of which I didn't install. I installed some C# decompilation stuff (dnSpyEX, among others), HxD, pestudio, PE Bear, pdf-parser.py (Flare-On 12 has convinced me to have PDF analysis tools), some Java and Go analysis tools, Resource Hacker, System Informer, and that's it (at least, everything I remember installing).

I did go ahead and install Binja for myself, for two reasons. 1) I hate having to access my IDA license key everywhere I go. 2) I really wanna learn and get used to Binja since I'm seeing it become increasingly powerful with its plugin ecosystem, which I can't even use on the Free plan, but it's best to get used to the software now and buy a Personal License in the future to power it up.

I did not install x64dbg since I don't plan to do any dynamic analysis on this VM; that'll be for another VM, if I ever really get into that stuff (I'll probably just offload all dynamic analysis to online sandboxes, but that won't work for all cases :/).

I'm happy with how everything turned out. All that's left is to see how effective it is at actually performing some analysis. Below is an image of the desktop at the moment. Thanks for checking out this post, and have a good rest of your day!

Edit (like 40 minutes after blog release)

I forgot to include that I installed DiE, API Monitor, and Python 3. I also came across Malcat, which I am immediately intrigued by since Josh Reynolds is involved with it. This guy is awesome and he's super knowledgeable and chill (head of Invoke RE). Malcat looks VERY, VERYYYYYYYY interesting as an end-all-be-all disassembly tool (on top of being a hex editor, so HxD is not needed). Built-in threat intelligence reports for your sample are incredible, and I'm amazed at the amount of goodies they loaded into this one program.