Malware analysis tools whose primary job is to reverse-engineer, detonate, and classify malware samples.
Browse 163 malware analysis tools
A Python wrapper for the Libemu library that enables shellcode analysis and malicious code examination through programmatic interfaces.
Reformat and re-indent bookmarklets, ugly JavaScript, and unpack scripts with options available via UI.
RetDec is an LLVM-based decompiler that converts machine code from various architectures and file formats back into readable C-like source code for reverse engineering and malware analysis.
Largest open collection of Android malware samples, with 298 samples and contributions welcome.
A disassembly framework with support for multiple hardware architectures and a clean API.
angr is a Python-based binary analysis framework that provides disassembly, symbolic execution, and program analysis capabilities for cross-platform binary examination.
dynStruct is a tool for monitoring memory accesses of an ELF binary and recovering structures of the original code.
UDcide is an Android malware analysis tool that detects and removes specific malicious behaviors from malware samples while preserving the binary for investigation purposes.
A Java bytecode assembler and disassembler toolkit that converts classfiles to human-readable format and provides decompilation capabilities for reverse engineering Java applications.
A tool for signature analysis of RTF files that identifies potentially unique parts of a document, usable for detecting malicious RTF files.
An online hash checker utility that retrieves information about a file hash from various online sources, including VirusTotal, Hybrid Analysis, and more.
Ghidra is an NSA-developed software reverse engineering framework that provides disassembly, decompilation, and analysis tools for examining compiled code across multiple platforms and processor architectures.
Yaraprocessor applies YARA rules to data streams in ways plain whole-file scanning does not, including dynamic scanning of payloads reassembled from network packet captures.
Dynamic binary analysis library with various analysis and emulation capabilities.
Assembler/disassembler for the dex format used by Dalvik, Android's Java VM implementation.
MalConfScan is a Volatility plugin for extracting configuration data of known malware and analyzing memory images.
A minimal, consistent API for building integrations with malware sandboxes.
Repository of TRISIS/TRITON/HatMan malware samples and decompiled sources targeting ICS Triconex SIS controllers.
RABCDAsm is a collection of utilities for ActionScript 3 assembly/disassembly and SWF file manipulation.
PinCTF is a Python wrapper tool that uses Intel's Pin framework to instrument binaries and count executed instructions, turning instruction count into a side channel for reverse engineering (for example, brute-forcing CTF inputs one byte at a time).
QIRA is an MIT-licensed alternative to strace and gdb for interactive runtime analysis, with support for Ubuntu and a Docker image for use on other platforms.
A sandbox for quickly analyzing known or unknown families of Android malware.
Scan files or process memory for Cobalt Strike beacons and parse their configuration.
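As an added illustration of what a Beacon configuration scanner like the one above does (this is example code, not the listed tool's own source): Beacon stores its configuration as a single-byte-XOR-encoded TLV blob, where each entry is a big-endian index, type (1 = short, 2 = int, 3 = bytes) and length followed by the value, and the first entry is always index 1 with a 2-byte short, so the decoded blob starts with `00 01 00 01 00 02`. The XOR keys 0x69 (3.x) and 0x2E (4.x), the TLV layout and the handful of field indices named here are the publicly documented format; the buffer being scanned is constructed for the example and is not a real sample.

```python
"""Minimal Cobalt Strike Beacon config scanner (added example, constructed input)."""
import struct

XOR_KEYS = (0x69, 0x2E)                       # 3.x and 4.x single-byte keys
CONFIG_PROLOGUE = b"\x00\x01\x00\x01\x00\x02"  # index 1, type short, length 2

# Subset of well-known field indices; anything else is reported as field_<n>.
FIELD_NAMES = {1: "BeaconType", 2: "Port", 3: "SleepTime", 4: "MaxGetSize",
               5: "Jitter", 8: "C2Server", 9: "UserAgent"}
BEACON_TYPES = {0: "HTTP", 1: "Hybrid HTTP DNS", 2: "SMB", 4: "TCP",
                8: "HTTPS", 16: "Bind TCP"}


def xor_bytes(data, key):
    return bytes(b ^ key for b in data)


def find_config(buf):
    """Return (offset, key) of the first XOR-encoded prologue found, else None."""
    for key in XOR_KEYS:
        off = buf.find(xor_bytes(CONFIG_PROLOGUE, key))
        if off != -1:
            return off, key
    return None


def parse_config(decoded):
    """Walk TLV entries until an index-0 terminator, a truncated entry, or end of data."""
    fields = {}
    pos = 0
    while pos + 6 <= len(decoded):
        idx, typ, length = struct.unpack_from(">HHH", decoded, pos)
        pos += 6
        if idx == 0:          # padding decodes to zeros once we run past the config
            break
        value = decoded[pos:pos + length]
        if len(value) < length:
            break             # truncated blob: stop rather than misparse
        pos += length
        if typ == 1 and length == 2:
            val = struct.unpack(">H", value)[0]
        elif typ == 2 and length == 4:
            val = struct.unpack(">I", value)[0]
        else:
            stripped = value.rstrip(b"\x00")
            printable = all(32 <= b < 127 for b in stripped)
            val = stripped.decode("ascii") if stripped and printable else stripped
        if idx == 1:
            val = BEACON_TYPES.get(val, val)
        fields[FIELD_NAMES.get(idx, f"field_{idx}")] = val
    return fields


def scan(buf):
    """Locate and decode the config in a file or memory buffer; None if absent."""
    hit = find_config(buf)
    if hit is None:
        return None
    off, key = hit
    return parse_config(xor_bytes(buf[off:off + 4096], key))  # 4.x configs are 4 KiB


def _tlv(idx, typ, value):
    return struct.pack(">HHH", idx, typ, len(value)) + value


# Constructed sample: a few fields encoded with the 4.x key, embedded in filler.
_sample_plain = (
    _tlv(1, 1, struct.pack(">H", 8))          # BeaconType = HTTPS
    + _tlv(2, 1, struct.pack(">H", 443))      # Port
    + _tlv(3, 2, struct.pack(">I", 60000))    # SleepTime in ms
    + _tlv(5, 1, struct.pack(">H", 20))       # Jitter percent
    + _tlv(8, 3, b"evil.example.com,/api/v1".ljust(256, b"\x00"))  # C2Server (assumed value)
)
SAMPLE_BUFFER = (b"\x90" * 37 + xor_bytes(_sample_plain, 0x2E)
                 + b"\x2E" * 64 + b"MZ" + b"\x00" * 10)

if __name__ == "__main__":
    for name, value in (scan(SAMPLE_BUFFER) or {}).items():
        print(f"{name:12} {value}")
```

The six-byte prologue is a weak signature on its own; a production scanner also checks that the following entries parse cleanly (plausible indices, types and lengths) before reporting a hit, and should be run against both the file on disk and the unpacked process image, since the config is usually only visible in memory after the stager runs.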