Category: Malware Analysis

GNUMacMalware AnalysisNEW TOOLSVirtual Machine

Droidefense – Advance Android Malware Analysis Framework

Droidefense (originally named atom: analysis through observation machine)* is the codename for android apps/malware analysis/reversing tool. It was built focused on security issues and tricks that malware researcher have on they every day work. For those situations on where the malware has anti-analysis routines, Droidefense attemps to bypass them in order to get to the code and 'bad boy' routine. Sometimes those techniques can be virtual machine detection, emulator detection, self certificate checking, pipes detection. tracer pid check, and so on.Droidefense uses an innovative…

Android SecurityARMBinary AnalysisDynamic AnalysisiOSiOS SecurityMalware AnalysisMobile SecurityMobile Security FrameworkMobSFNEW TOOLSStatic AnalysisWindows Mobile Security

MobSF (Mobile Security Framework) v1.0 – Mobile (Android/iOS) Automated Pen-Testing Framework

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support both binaries (APK, IPA & APPX ) and zipped source code. MobSF can do dynamic application testing at runtime for Android apps and has Web API fuzzing capabilities powered by CapFuzz, a Web API specific security scanner. MobSF is designed to make your CI/CD…

Anti-DebuggingAPI TraceBSDC++DrltraceMalware AnalysisMalware DetectionNEW TOOLSPackersProcessesReverse EngineeringYara

Drltrace – A Library Calls Tracer For Windows And Linux Applications

Drltrace is a dynamic API calls tracer for Windows and Linux applications designed primarily for malware analysis. Drltrace is built on top of DynamoRIO dynamic binary instrumentation framework. The release build can be downloaded here.UsageThe usage of drltrace is very simple. A user needs to specify a log directory and a name of a target process in the following way:drltrace -logdir . -- calc.exeThat’s all, the tool will inject required DLLs in the target process, starts instrumentation and in parallel will log information about…

Detect MalwareMalware AnalysisMalware AnalyzerMqueryNEW TOOLSYara

Mquery – YARA Malware Query Accelerator (Web Frontend)

Ever had trouble searching for particular malware samples? This project is an analyst-friendly web GUI to look through your digital warehouse.mquery can be used to search through terabytes of malware in a blink of an eye:Thanks to the UrsaDB database, queries on large datasets can be extremely fast.How does it work?YARA is pretty fast, but searching through large dataset for given signature can take a lot of time. To countermeasure this, we have implemented a custom database called UrsaDB. It is able to pre-filter the…

DARKSURGEONForensic AnalysisHardeningMalware AnalysisNEW TOOLSosqueryRed TeamReportingSysmonVirtual Machine

DARKSURGEON – A Windows Packer Project To Empower Incident Response, Digital Forensics, Malware Analysis, And Network Defense

DARKSURGEON is a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense.DARKSURGEON has three stated goals:Accelerate incident response, digital forensics, malware analysis, and network defense with a preconfigured Windows 10 environment complete with tools, scripts, and utilities. Provide a framework for defenders to customize and deploy their own programmatically-built Windows images using Packer and Vagrant.Reduce the amount of latent telemetry collection, minimize error reporting, and provide reasonable privacy and hardening standards for Windows 10.If you haven't worked with packer before,…

GNUJSONMalPipeMalShareMalware AnalysisNEW TOOLSScanVirusTotalYara

MalPipe – Malware/IOC Ingestion And Processing Engine

MalPipe is a modular malware (and indicator) collection and processing framework. It is designed to pull malware, domains, URLs and IP addresses from multiple feeds, enrich the collected data and export the results.At this time, the following feeds are supported:VirusTotal ()MalShare ()BambenekFeeds ( ()Malc0deIPList ()NoThinkIPFeeds ( ()TorNodes ()Getting StartedThese instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system.InstallingDeployment…

MacMalScanMalware AnalysisMalware Static AnlysisNEW TOOLSPEPE FilePython Malware AnalysisStatic AnalysisTLSYara

MalScan – A Simple PE File Heuristics Scanners

MalScan is a simple PE File Heuristics Scanners written in python that you can use to quickly analyze a PE file and find out whether anything suspicious exists. It is a simple tool so doesn't offers much fancy features. You are free to extend it or do whatever you want with it.Things SupportedInformation About file such as MD5, SHA1, TimestampPEiD Signature CheckCustom Yara Rules IntegrationSection, Imports, Exports, Resources and TLS Callbacks OverviewProvides some custom heuristics :-)InstallingYou need to have Python 2.7 installed on your…