Tools and techniques for analyzing, reverse-engineering, and understanding malicious software. Explore 253 curated tools and resources
A tool for translating Dalvik bytecode to Java bytecode for analyzing Android applications.
A new age tool for binary analysis that uses statistical visualizations to help find patterns in large amounts of binary data.
A Burp Suite plugin that automatically adds XSS and SQL payloads for fuzzing.
Go bindings for YARA with installation and build instructions.
A command-line tool for analyzing and extracting detailed information from Windows Portable Executable (PE) files.
A command-line tool that parses Google Protobuf encoded data without schema definitions and displays the content in a readable, colored format.
A Python script that converts shellcode into a PE32 or PE32+ file.
A Python wrapper for the Libemu library that enables shellcode analysis and malicious code examination through programmatic interfaces.
A tool that generates Yara rules for strings and their XOR encoded versions, as well as base64-encoded variations with different padding possibilities.
A tool for reverse engineering Android apk files.
A static analysis tool for PE files that identifies potential malicious indicators through compiler detection, packing analysis, signature matching, and suspicious string identification.
A Windows context menu integration tool that scans files and folders for malware patterns, crypto signatures, and malicious documents using Yara rules and PEID signatures.
A PE/COFF file viewer that displays header, section, directory, import table, export table, and resource information within various file types.
A standalone binary inspection tool for Android developers with support for various formats and dependencies.
CFGScanDroid is a Java utility that compares control flow graph signatures to Android method control flow graphs for malicious application detection.
Code to prevent a managed .NET debugger/profiler from working.
A collection of Python scripts that automate tasks and extend IDA Pro disassembler functionality for reverse engineering workflows.
Automatic analysis of malware behavior using machine learning.
A collection of Yara signatures developed by Citizen Lab to detect malware used in targeted attacks against civil society organizations.
A library of PHP unserialize() payloads and a tool to generate them.
A PowerShell module for interacting with VirusTotal to analyze suspicious files and URLs.
A Go library for manipulating YARA rulesets with the ability to programmatically change metadata, rule names, and more.
A tool for deep analysis of malicious files using ClamAV and YARA rules, with features like scoring suspect files, building visual tree graphs, and extracting specific patterns.
TeamTNT is modifying its malicious shell scripts after they were made public by security researchers.