Overview
FLARE VM is a Windows-based malware analysis and reverse engineering environment developed by Mandiant. It includes a wide range of tools for debugging, decompiling, and analyzing malware in a safe, controlled setting.
In this guide, I’ll cover how to install FLARE VM on a Windows VM.
Prerequisites
Before installing FLARE VM, make sure you have:
- A Windows 10 or 11 VM (never install it on your main system).
- At least 60 GB of free disk space.
- PowerShell with Administrator privileges.
Installation Steps
Step 1: Open PowerShell as Administrator
- Press Win + X and select Windows PowerShell (Admin).
Step 2: Set Execution Policy
Since FLARE VM installs many tools through PowerShell scripts, we need to relax the execution policy for the current user:
Set-ExecutionPolicy Unrestricted -Scope CurrentUser
Step 3: Download and Run the FLARE VM Installer
Run the following command in PowerShell:
iwr -useb https://raw.githubusercontent.com/mandiant/flare-vm/master/install.ps1 | iex
Step 4: Follow the Installation Process
- The script will download and install all necessary tools.
- This process can take 30–60 minutes.
- Once done, restart your VM.
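The steps above as one pre-flight script: it checks the prerequisites from this guide, then saves the installer to disk so it can be read before it runs, rather than being piped straight into iex. This is an added example, not part of the original guide or Mandiant's code; the helper function names, the `$OutFile` path and the hypervisor vendor strings used to detect a VM are assumptions.

```powershell
# Added example: pre-flight checks for the prerequisites listed above, then a
# download-to-disk of the installer so it can be reviewed before it is executed.
$ErrorActionPreference = 'Stop'
$InstallerUrl = 'https://raw.githubusercontent.com/mandiant/flare-vm/master/install.ps1'  # URL from Step 3
$MinFreeGB    = 60                                          # prerequisite from this guide
$OutFile      = Join-Path $env:TEMP 'flarevm-install.ps1'   # assumed local path

function Test-IsAdmin {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    ([Security.Principal.WindowsPrincipal]$id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-IsVirtualMachine {
    # Heuristic only (assumed vendor strings): what common hypervisors report.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    "$($cs.Manufacturer) $($cs.Model)" -match 'VMware|VirtualBox|Virtual Machine|KVM|QEMU|Xen|Parallels'
}

function Get-FreeSpaceGB {
    $disk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$($env:SystemDrive)'"
    [math]::Round($disk.FreeSpace / 1GB, 1)
}

$problems = @()
if (-not (Test-IsAdmin))          { $problems += 'PowerShell is not running as Administrator (Step 1).' }
if (-not (Test-IsVirtualMachine)) { $problems += 'This does not look like a VM; do not install on a main system.' }
$free = Get-FreeSpaceGB
if ($free -lt $MinFreeGB)         { $problems += "Only $free GB free on $env:SystemDrive; $MinFreeGB GB needed." }
$policy = [string](Get-ExecutionPolicy -Scope CurrentUser)
if ($policy -notin 'Unrestricted', 'Bypass') {
    $problems += "CurrentUser execution policy is '$policy'; Step 2 has not been applied."
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw 'Pre-flight checks failed; fix the items above and re-run.'
}

# Save the installer instead of piping it into iex, and record its hash so the
# copy that was reviewed is the copy that gets run.
Invoke-WebRequest -UseBasicParsing -Uri $InstallerUrl -OutFile $OutFile
$hash = (Get-FileHash -Path $OutFile -Algorithm SHA256).Hash
Write-Host "Saved $OutFile (SHA256 $hash). Review it, then run: & '$OutFile'"
```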
What’s Included in FLARE VM?
Once installed, FLARE VM provides a powerful toolkit for Windows malware analysis, including:
- IDA Free & Ghidra – Reverse engineering tools
- x64dbg & OllyDbg – Debuggers
- PEStudio & Detect It Easy (DIE) – Static analysis tools
- Wireshark & Fakenet-NG – Network analysis
- And many more!
Conclusion
FLARE VM turns a Windows VM into a powerful malware analysis lab. Whether you’re analyzing malware samples, reverse engineering, or performing incident response, FLARE VM is a must-have tool for cybersecurity professionals.