Quark Engine An Obfuscation-Neglect Android Malware Scoring System Android malware analysis engine is not a new story. Every antivirus company has its own secrets to build it. With curiosity, we develop a malware scoring...
hollows_hunter Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches). It is an application based on PE-sieve (a library version), so there is a big overlap...
Ransomware Simulator The goal of this repository is to provide a simple, harmless way to check your AV’s protection on ransomware. This tool simulates typical ransomware behaviour, such as: Staging from a Word document...
DroidDetective DroidDetective is a Python tool for analysing Android applications (APKs) for potential malware-related behaviour and configurations. When provided with a path to an application (APK file) Droid Detective will make a prediction (using...
Karton Distributed malware processing framework based on Python, Redis, and MinIO. The idea Karton is a robust framework for creating flexible and lightweight malware analysis backends. It can be used to connect malware* analysis systems into a robust...
XLM Macro Deobfuscator XLM Macro Deobfuscator can be used to decode obfuscated XLM macros (also known as Excel 4.0 macros). It utilizes an internal XLM emulator to interpret the macros, without fully performing the...
python-oletools oletools is a package of python tools to analyze Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format, or Compound Document File Format), such as Microsoft Office documents or Outlook messages, mainly for...
Arya – The Reverse YARA Arya is a unique tool that produces pseudo-malicious files meant to trigger YARA rules. You can think of it as a reverse YARA because it does exactly the opposite...
Mitaka Mitaka is an OSINT friendly IOC (Indicator of Compromise) search tool. It works as a Chrome extension and it makes it possible to search/scan IOC via the context menu. Features Supported IOC types...
YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe)...
