This section will contain documentation about the tools installed on the REMnux® distro. Would you like to contribute your insights on REMnux and its tools to expand this document set?

Tools Installed on REMnux

The listing of tools installed on REMnux outlines and categorizes the utilities you can use for analyzing malicious software on REMnux. For additional details, take a look at the XLSX spreadsheet or the XMind-formatted mind map, which outline these tools.

REMnux Cheat Sheet

The one-page REMnux cheat sheet highlights some of the most useful tools and commands available on REMnux. It’s an especially nice starting point for people who are new to the distro.

Recorded REMnux Webcasts

To get started with the REMnux distro and become familiar with some of its capabilities, tune into the following recorded webcasts:

Articles on Using REMnux or its Tools

Here are some of the blog posts and articles written about using REMnux for malware analysis:

If you write or locate other tutorials or articles that demonstrate the use of REMnux, please let Lenny Zeltser know.

Known Issues

High Native Resolution

When running REMnux as a virtual appliance on a system with a very high native resolution, virtualization software might set the VM’s resolution such that REMnux user interface elements and fonts are tiny, almost unreadable. In this case, you can configure REMnux to scale the fonts and many other UI elements by adding the line Xft.dpi: 160 to the ~/.Xresources file on REMnux and then rebooting the VM. You can do this by running the following commands on REMnux:

echo "Xft.dpi: 160" >> ~/.Xresources
reboot

The setting above will persist across reboots, scaling the UI by 160%. An alternative to this method is to execute the following command every time you boot up REMnux, though this approach generally produces less-pleasing results:

xrandr --output Virtual1 --scale 0.6x0.6

Importing Into Old VMware Version

When importing the REMnux virtual appliance into an old version of VMware Workstation, Fusion or Player, you may get the error message that states, “Failed to open virtual machine: Failed to query source for information.” In this case, you should upgrade to a later version of VMware software. If upgrading is not feasible, you may be able to use the VMware OVF Tool to convert the REMnux OVA file to the VMX format.

Mouse Clicks on VMware Fusion

When using VMware Fusion to run the REMnux virtual machine, the VM might stop recognizing mouse clicks. According to VMware, this occurs when the “virtual machine detects the connected mouse as a USB device and not as a HID device. While the mouse pointer may still move within the virtual machine, mouse clicks do not register.” To address the problem, edit the .VMX file of your REMnux virtual machine to include the following line:

mouse.vusb.startConnected = "FALSE"

Security Tools Blocking Package Downloads

A handful of people running REMnux installation or update scripts within virtual machines noticed that the antivirus tool installed on their underlying host flagged some REMnux packages as malicious and blocked their download. This is a false alarm. However, if you encounter this, you might need to disable the host’s antivirus tool while running the script or whitelist the offending files or URLs to avoid getting them blocked.