Category: Malware Analysis
OpenArk OpenArk is an open-source anti-rootkit (ARK) tool for Windows. ARK is short for Anti-Rootkit; the tool is intended as a reversing/programming helper and also lets users find hidden malware in the OS. More and more powerful...
ELFEN: Linux Malware Analysis Sandbox ELFEN is a dockerized sandbox for analyzing Linux (file type: ELF) malware. It leverages an array of open-source technologies to perform both static and dynamic analysis. Results are available...
de4py De4py is an advanced Python deobfuscator with a beautiful UI and a set of advanced features that enable malware analysts and reverse engineers to deobfuscate Python files and more. Features Feature Function Deobfuscation...
YAMA YAMA is a system for generating scanners that can inspect specific malware during incident response. The scanner generated by YAMA is designed to explore the memory of the Windows OS and detect malware. With...
VBoxCloak A PowerShell script that attempts to help malware analysts hide their VirtualBox Windows VMs from malware that may be trying to evade analysis. Guaranteed to bring down your pafish ratings by at least...
Crawlector Crawlector (the name Crawlector is a combination of Crawler & Detector) is a threat hunting framework designed for scanning websites for malicious objects. Note-1: The framework was first presented at the No Hat conference in Bergamo, Italy on...
CryptoTester A utility for playing with cryptography, geared toward ransomware analysis. Hex Views: All hex views used in CryptoTester offer a few enhanced capabilities. Null bytes are colored a lighter gray; bytes representing ASCII...
C2-Hunter C2-Hunter is a program designed for malware analysts to extract Command and Control (C2) traffic from malware in real time. The program uses a unique approach by hooking into Win32 connection APIs. With...
yaraQA A YARA rule analyzer to improve rule quality and performance. Why? YARA rules can be syntactically correct but still dysfunctional. yaraQA tries to find and report these issues to the author or maintainer of...
msidump MSI Dump – a tool that analyzes malicious MSI installation packages, extracts files, streams, and binary data, and incorporates a YARA scanner. On macro-enabled Office documents we can quickly use oletools mraptor to determine whether...
PortexAnalyzerGUI Graphical interface for PortEx, a Portable Executable and Malware Analysis Library PortEx is a Java library for static malware analysis of Portable Executable files. Its focus is on PE malformation robustness, and anomaly...
IATelligence IATelligence is a Python script that extracts the Import Address Table (IAT) from a PE file and uses OpenAI’s GPT-3 model to provide details about each Windows API imported by the file. The...
PortEx PortEx is a Java library for static malware analysis of Portable Executable files. Its focus is on PE malformation robustness, and anomaly detection. PortEx is written in Java and Scala, and targeted at...
OneNoteAnalyzer A C#-based tool for analyzing malicious OneNote documents. Description: Recently we came across a few malicious OneNote documents being distributed in the wild by various threat actors. This gave us the idea...
sharem SHAREM is intended to be the ultimate Windows shellcode tool, with support for emulating over 12,000 WinAPIs and virtually all user-mode Windows syscalls, and it provides numerous new features. SHAREM was released on September...