Malware Analysis
Explore 139 curated tools and resources
Search by name, description, or purpose... (⌘+K)
PINNED
Promoted • 4 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Vulnerability Management
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
HYAS Insight is a threat intelligence platform that provides infrastructure intelligence and cyber threat hunting capabilities for security operations, fraud investigations, and adversary profiling.
HYAS Insight is a threat intelligence platform that provides infrastructure intelligence and cyber threat hunting capabilities for security operations, fraud investigations, and adversary profiling.
A cloud-based email security platform that provides comprehensive protection against email threats through multiple security layers, threat intelligence integration, and seamless integration with existing email infrastructures.
A cloud-based email security platform that provides comprehensive protection against email threats through multiple security layers, threat intelligence integration, and seamless integration with existing email infrastructures.
DIANNA is an AI-powered cybersecurity companion from Deep Instinct that analyzes and explains unknown threats, offering malware analysis and translating code intent into natural language.
DIANNA is an AI-powered cybersecurity companion from Deep Instinct that analyzes and explains unknown threats, offering malware analysis and translating code intent into natural language.
An open-source binary debugger for Windows with a comprehensive plugin system for malware analysis and reverse engineering.
An open-source binary debugger for Windows with a comprehensive plugin system for malware analysis and reverse engineering.
A comprehensive malware-analysis tool that utilizes external AV scanners to identify malicious elements in binary files.
A comprehensive malware-analysis tool that utilizes external AV scanners to identify malicious elements in binary files.
Interactive malware hunting service with live access to the heart of an incident.
Interactive malware hunting service with live access to the heart of an incident.
A malware/botnet analysis framework with a focus on network analysis and process comparison.
A malware/botnet analysis framework with a focus on network analysis and process comparison.
CrowdFMS is a CrowdStrike framework that automates malware sample collection from VirusTotal using YARA rule-based notifications and the Private API system.
CrowdFMS is a CrowdStrike framework that automates malware sample collection from VirusTotal using YARA rule-based notifications and the Private API system.
ConventionEngine is a Yara rule collection that analyzes PE files by examining PDB paths for suspicious keywords, terms, and anomalies that may indicate malicious software.
ConventionEngine is a Yara rule collection that analyzes PE files by examining PDB paths for suspicious keywords, terms, and anomalies that may indicate malicious software.
YaraHunter scans container images, running Docker containers, and filesystems using YARA rules to detect malware indicators and signs of compromise.
YaraHunter scans container images, running Docker containers, and filesystems using YARA rules to detect malware indicators and signs of compromise.
An IDAPython script that generates YARA rules for basic blocks of the current function in IDA Pro, with automatic masking of relocation bytes and optional validation against file segments.
An IDAPython script that generates YARA rules for basic blocks of the current function in IDA Pro, with automatic masking of relocation bytes and optional validation against file segments.
Binsequencer automatically generates YARA detection rules by analyzing collections of similar malware samples and identifying common x86 instruction sequences across the corpus.
Binsequencer automatically generates YARA detection rules by analyzing collections of similar malware samples and identifying common x86 instruction sequences across the corpus.
A malware processing and analytics tool that utilizes Pig, Django, and Elasticsearch to analyze and visualize malware data.
A malware processing and analytics tool that utilizes Pig, Django, and Elasticsearch to analyze and visualize malware data.
A comprehensive Android application analysis tool that provides device management, logcat analysis, file examination, and integration with security frameworks like MobSF and JD-GUI.
A comprehensive Android application analysis tool that provides device management, logcat analysis, file examination, and integration with security frameworks like MobSF and JD-GUI.
A Go-based crash analysis tool that processes and reproduces crash files from fuzzing tools like AFL with multiple debugging engines and output formats.
A Go-based crash analysis tool that processes and reproduces crash files from fuzzing tools like AFL with multiple debugging engines and output formats.
A repository of YARA rules for identifying and classifying malware through pattern-based detection.
A repository of YARA rules for identifying and classifying malware through pattern-based detection.
Drltrace is a dynamic API calls tracer for Windows and Linux applications.
Drltrace is a dynamic API calls tracer for Windows and Linux applications.
A semi-automatic tool to generate YARA rules from virus samples.
A semi-automatic tool to generate YARA rules from virus samples.
angr is a Python-based binary analysis framework that provides disassembly, symbolic execution, and program analysis capabilities for cross-platform binary examination.
angr is a Python-based binary analysis framework that provides disassembly, symbolic execution, and program analysis capabilities for cross-platform binary examination.
A Yara ruleset designed to detect PHP shells and other webserver malware for malware analysis and threat detection.
A Yara ruleset designed to detect PHP shells and other webserver malware for malware analysis and threat detection.
CRITs is an open source malware and threat repository for collaborative threat defense and analysis.
CRITs is an open source malware and threat repository for collaborative threat defense and analysis.
A honeypot designed to detect and analyze malicious activities in instant messaging platforms.
A honeypot designed to detect and analyze malicious activities in instant messaging platforms.
Ghidra is an NSA-developed software reverse engineering framework that provides disassembly, decompilation, and analysis tools for examining compiled code across multiple platforms and processor architectures.
Ghidra is an NSA-developed software reverse engineering framework that provides disassembly, decompilation, and analysis tools for examining compiled code across multiple platforms and processor architectures.
Generate Yara rules from function basic blocks in x64dbg.
Generate Yara rules from function basic blocks in x64dbg.
An open-source dynamic analysis framework that intercepts and monitors API calls in Android applications using the Android Substrate framework.
An open-source dynamic analysis framework that intercepts and monitors API calls in Android applications using the Android Substrate framework.
Joe Sandbox Community provides automated cloud-based malware analysis across multiple OS platforms.
Joe Sandbox Community provides automated cloud-based malware analysis across multiple OS platforms.
A GNU Emacs editor mode that provides syntax highlighting, indentation, and language server integration for editing YARA rule files.
A GNU Emacs editor mode that provides syntax highlighting, indentation, and language server integration for editing YARA rule files.
PLASMA is an interactive disassembler that generates readable assembly code with colored syntax for reverse engineering binary files across multiple architectures and formats.
PLASMA is an interactive disassembler that generates readable assembly code with colored syntax for reverse engineering binary files across multiple architectures and formats.
A modified version of Cuckoo Sandbox with enhanced features and capabilities.
A modified version of Cuckoo Sandbox with enhanced features and capabilities.
A binary analysis and management framework for organizing and analyzing malware and exploit samples, and creating plugins.
A binary analysis and management framework for organizing and analyzing malware and exploit samples, and creating plugins.
A command-line tool that visually displays YARA rule matches, regex matches, and hex patterns in binary data with colored output and configurable context bytes.
A command-line tool that visually displays YARA rule matches, regex matches, and hex patterns in binary data with colored output and configurable context bytes.
UDcide is an Android malware analysis tool that detects and removes specific malicious behaviors from malware samples while preserving the binary for investigation purposes.
UDcide is an Android malware analysis tool that detects and removes specific malicious behaviors from malware samples while preserving the binary for investigation purposes.
A collection of YARA rules for research and hunting purposes.
A collection of YARA rules for research and hunting purposes.
A Python 3 tool for analyzing XOR-encrypted data that can guess key lengths and decrypt XOR ciphers based on character frequency analysis.
A Python 3 tool for analyzing XOR-encrypted data that can guess key lengths and decrypt XOR ciphers based on character frequency analysis.
VxSig is a Google-developed tool that automatically generates antivirus byte signatures from similar binaries for Yara and ClamAV detection engines.
VxSig is a Google-developed tool that automatically generates antivirus byte signatures from similar binaries for Yara and ClamAV detection engines.
Ghost USB Honeypot emulates USB storage devices to detect and analyze malware that spreads via USB without requiring prior threat intelligence.
Ghost USB Honeypot emulates USB storage devices to detect and analyze malware that spreads via USB without requiring prior threat intelligence.
AutoYara is a Java tool that automatically generates YARA rules from malware samples using biclustering algorithms to help analysts create detection rules for malware families.
AutoYara is a Java tool that automatically generates YARA rules from malware samples using biclustering algorithms to help analysts create detection rules for malware families.
A .NET assembly debugger and editor that enables reverse engineering and dynamic analysis of compiled .NET applications without source code access.
A .NET assembly debugger and editor that enables reverse engineering and dynamic analysis of compiled .NET applications without source code access.
PyIntelOwl is a Python SDK and CLI client for interacting with IntelOwl's threat intelligence API to submit files and observables for automated security analysis.
PyIntelOwl is a Python SDK and CLI client for interacting with IntelOwl's threat intelligence API to submit files and observables for automated security analysis.
An OCaml Ctypes wrapper for the YARA matching engine that enables malware identification capabilities in OCaml applications.
An OCaml Ctypes wrapper for the YARA matching engine that enables malware identification capabilities in OCaml applications.
Free training sessions on Reverse Engineering, Malware Analysis, and Exploit Development.
Free training sessions on Reverse Engineering, Malware Analysis, and Exploit Development.
Android security virtual machine with updated tools and frameworks for reverse engineering and malware analysis.
Android security virtual machine with updated tools and frameworks for reverse engineering and malware analysis.
Malscan is a tool to scan process memory for YARA matches and execute Python scripts.
Malscan is a tool to scan process memory for YARA matches and execute Python scripts.
Automate the process of writing YARA rules based on executable code within malware.
Automate the process of writing YARA rules based on executable code within malware.
PINT is a PIN tool that enables Lua scripting for Intel's PIN dynamic instrumentation framework, allowing researchers to inject custom code during binary analysis processes.
PINT is a PIN tool that enables Lua scripting for Intel's PIN dynamic instrumentation framework, allowing researchers to inject custom code during binary analysis processes.
Fnord is a pattern extraction tool that analyzes obfuscated code using sliding window techniques to identify frequent byte sequences and generate experimental YARA rules for malware analysis.
Fnord is a pattern extraction tool that analyzes obfuscated code using sliding window techniques to identify frequent byte sequences and generate experimental YARA rules for malware analysis.
An Emacs major mode that provides syntax highlighting and enhanced readability for smali code files used in Android malware analysis.
An Emacs major mode that provides syntax highlighting and enhanced readability for smali code files used in Android malware analysis.
Binkit is a binary analysis tool that merged with DarunGrim and incorporates its analysis algorithms, currently in internal testing before official release.
Binkit is a binary analysis tool that merged with DarunGrim and incorporates its analysis algorithms, currently in internal testing before official release.
BinaryAlert is an open-source serverless AWS pipeline that automatically scans files uploaded to S3 buckets with YARA rules and generates immediate alerts when malware is detected.
BinaryAlert is an open-source serverless AWS pipeline that automatically scans files uploaded to S3 buckets with YARA rules and generates immediate alerts when malware is detected.
Android Loadable Kernel Modules for reversing and debugging on controlled systems/emulators.
Android Loadable Kernel Modules for reversing and debugging on controlled systems/emulators.
HoneyDrive is the premier honeypot Linux distro with over 10 pre-installed honeypot software packages and numerous analysis tools.
HoneyDrive is the premier honeypot Linux distro with over 10 pre-installed honeypot software packages and numerous analysis tools.
A blog sharing packet capture files and malware samples for training and analysis, with archived posts and traffic analysis exercises.
A blog sharing packet capture files and malware samples for training and analysis, with archived posts and traffic analysis exercises.
Holistic malware analysis platform with interactive sandbox, static analyzer, and emulation capabilities.
Holistic malware analysis platform with interactive sandbox, static analyzer, and emulation capabilities.
A tool that extracts and deobfuscates strings from malware binaries using advanced static analysis techniques.
A tool that extracts and deobfuscates strings from malware binaries using advanced static analysis techniques.
Yabin creates Yara signatures from malware to find similar samples.
Interactive online malware sandbox for real-time analysis and threat intelligence
Interactive online malware sandbox for real-time analysis and threat intelligence
Introspy-Android is a dynamic analysis framework that hooks Android APIs at runtime to monitor application behavior and identify security vulnerabilities on rooted devices.
Introspy-Android is a dynamic analysis framework that hooks Android APIs at runtime to monitor application behavior and identify security vulnerabilities on rooted devices.
A Java-based Bluetooth honeypot that captures and analyzes malware and attacks targeting Bluetooth-enabled devices.
Signature-based YARA rules for detecting and preventing threats within Linux, Windows, and macOS systems.
Signature-based YARA rules for detecting and preventing threats within Linux, Windows, and macOS systems.
An open source machine code decompiler that converts binary executables into readable C source code across multiple architectures and file formats.
An open source machine code decompiler that converts binary executables into readable C source code across multiple architectures and file formats.
FLARE-VM is a Windows virtual machine setup tool that automates the installation and configuration of reverse engineering and malware analysis software using Chocolatey and Boxstarter technologies.
FLARE-VM is a Windows virtual machine setup tool that automates the installation and configuration of reverse engineering and malware analysis software using Chocolatey and Boxstarter technologies.
Automatic YARA rule generation for malware repositories.
A tool that enables Yara rule execution against compressed malware samples, supporting GZip, BZip2, and LZMA formats without manual decompression.
A tool that enables Yara rule execution against compressed malware samples, supporting GZip, BZip2, and LZMA formats without manual decompression.
Aptoide is an alternative Android application marketplace that enables APK downloads and metadata retrieval for mobile security research and analysis.
Aptoide is an alternative Android application marketplace that enables APK downloads and metadata retrieval for mobile security research and analysis.
A collection of YARA rules designed to identify files containing sensitive information such as usernames, passwords, and credit card numbers for penetration testing and forensic analysis.
A collection of YARA rules designed to identify files containing sensitive information such as usernames, passwords, and credit card numbers for penetration testing and forensic analysis.
CuckooDroid extends Cuckoo Sandbox to provide automated dynamic analysis of Android applications in a controlled sandbox environment.
CuckooDroid extends Cuckoo Sandbox to provide automated dynamic analysis of Android applications in a controlled sandbox environment.
Malware sandbox for executing malicious files in an isolated environment with advanced features.
Malware sandbox for executing malicious files in an isolated environment with advanced features.
Platform for uploading, searching, and downloading malware samples.
Strelka is a real-time, container-based file scanning system that performs file extraction and metadata collection at enterprise scale for threat hunting, detection, and incident response.
Strelka is a real-time, container-based file scanning system that performs file extraction and metadata collection at enterprise scale for threat hunting, detection, and incident response.
A Vim syntax-highlighting plugin for YARA rules that supports versions up to v4.3 and provides enhanced code readability for malware analysts.
A Vim syntax-highlighting plugin for YARA rules that supports versions up to v4.3 and provides enhanced code readability for malware analysts.
In-depth threat intelligence reports and services providing insights into real-world intrusions, malware analysis, and threat briefs.
In-depth threat intelligence reports and services providing insights into real-world intrusions, malware analysis, and threat briefs.
Mobile Audit is a Docker-based SAST and malware analysis tool that performs comprehensive security analysis of Android APK files, including vulnerability detection, certificate verification, and Virus Total integration.
Mobile Audit is a Docker-based SAST and malware analysis tool that performs comprehensive security analysis of Android APK files, including vulnerability detection, certificate verification, and Virus Total integration.
Bitscout is a Bash-based live OS constructor tool for building customizable forensic environments used in remote system triage, malware hunting, and digital forensics investigations.
Bitscout is a Bash-based live OS constructor tool for building customizable forensic environments used in remote system triage, malware hunting, and digital forensics investigations.
A command-line string extraction utility for digital forensics that supports ASCII and Unicode string extraction from files and directories with pattern matching and filtering capabilities.
A command-line string extraction utility for digital forensics that supports ASCII and Unicode string extraction from files and directories with pattern matching and filtering capabilities.
An IDA Pro plugin that uses YARA rules to automatically detect cryptographic constants and patterns in binary files during reverse engineering analysis.
An IDA Pro plugin that uses YARA rules to automatically detect cryptographic constants and patterns in binary files during reverse engineering analysis.
A comprehensive guide to incident response, providing effective techniques for responding to advanced attacks against local and remote network resources.
A comprehensive guide to incident response, providing effective techniques for responding to advanced attacks against local and remote network resources.
Laika BOSS is a scalable object scanner and intrusion detection system that extracts child objects, applies security flags, and generates metadata from files for security analysis.
Laika BOSS is a scalable object scanner and intrusion detection system that extracts child objects, applies security flags, and generates metadata from files for security analysis.
OCyara performs OCR on images and PDF files to extract text content and scan it against Yara rules for malware detection.
OCyara performs OCR on images and PDF files to extract text content and scan it against Yara rules for malware detection.
FSF is a modular, recursive file scanning solution that enables analysts to extend the utility of Yara signatures and define actionable intelligence within a file.
FSF is a modular, recursive file scanning solution that enables analysts to extend the utility of Yara signatures and define actionable intelligence within a file.
PhoneyC is a client-side honeypot that emulates vulnerable web browsers to detect and analyze malicious web content and browser-based exploits.
PhoneyC is a client-side honeypot that emulates vulnerable web browsers to detect and analyze malicious web content and browser-based exploits.
A static analysis framework for extracting key characteristics from various file formats
A static analysis framework for extracting key characteristics from various file formats
A command-line tool for analyzing and extracting detailed information from Windows Portable Executable (PE) files.
A command-line tool for analyzing and extracting detailed information from Windows Portable Executable (PE) files.
A command-line tool that parses Google Protobuf encoded data without schema definitions and displays the content in a readable, colored format.
A command-line tool that parses Google Protobuf encoded data without schema definitions and displays the content in a readable, colored format.
A Python wrapper for the Libemu library that enables shellcode analysis and malicious code examination through programmatic interfaces.
A Python wrapper for the Libemu library that enables shellcode analysis and malicious code examination through programmatic interfaces.
Hale is a modular botnet command and control monitoring tool that tracks C&C server communications across multiple protocols with web-based analysis interface and collaborative research capabilities.
Hale is a modular botnet command and control monitoring tool that tracks C&C server communications across multiple protocols with web-based analysis interface and collaborative research capabilities.
A static analysis tool for PE files that identifies potential malicious indicators through compiler detection, packing analysis, signature matching, and suspicious string identification.
A static analysis tool for PE files that identifies potential malicious indicators through compiler detection, packing analysis, signature matching, and suspicious string identification.
A Windows context menu integration tool that scans files and folders for malware patterns, crypto signatures, and malicious documents using Yara rules and PEID signatures.
A Windows context menu integration tool that scans files and folders for malware patterns, crypto signatures, and malicious documents using Yara rules and PEID signatures.
A collection of YARA rules specifically designed for forensic investigations and malware analysis, providing pattern matching capabilities for files and memory dumps.
A collection of YARA rules specifically designed for forensic investigations and malware analysis, providing pattern matching capabilities for files and memory dumps.
CFGScanDroid is a Java utility that compares control flow graph signatures to Android method control flow graphs for malicious application detection.
CFGScanDroid is a Java utility that compares control flow graph signatures to Android method control flow graphs for malicious application detection.
A collection of Python scripts that automate tasks and extend IDA Pro disassembler functionality for reverse engineering workflows.
A collection of Python scripts that automate tasks and extend IDA Pro disassembler functionality for reverse engineering workflows.
Automatic analysis of malware behavior using machine learning.
A collection of Yara signatures developed by Citizen Lab to detect malware used in targeted attacks against civil society organizations.
A collection of Yara signatures developed by Citizen Lab to detect malware used in targeted attacks against civil society organizations.
A tool for deep analysis of malicious files using ClamAV and YARA rules, with features like scoring suspect files, building visual tree graphs, and extracting specific patterns.
A tool for deep analysis of malicious files using ClamAV and YARA rules, with features like scoring suspect files, building visual tree graphs, and extracting specific patterns.
VolatilityBot automates memory dump analysis by extracting executables, detecting code injections, and performing automated malware scanning using YARA and ClamAV.
VolatilityBot automates memory dump analysis by extracting executables, detecting code injections, and performing automated malware scanning using YARA and ClamAV.
A tool for quick and effective Yara rule creation to isolate malware families and malicious objects.
A tool for quick and effective Yara rule creation to isolate malware families and malicious objects.
A collection of Yara rules for the Burp Yara-Scanner extension that helps identify malicious software and infected web pages during web application security assessments.
A collection of Yara rules for the Burp Yara-Scanner extension that helps identify malicious software and infected web pages during web application security assessments.
Redexer is a reengineering tool that parses, analyzes, and modifies Android DEX files for binary manipulation and permission analysis.
Redexer is a reengineering tool that parses, analyzes, and modifies Android DEX files for binary manipulation and permission analysis.
StringSifter is a machine learning tool that automatically ranks strings extracted from malware samples based on their relevance for analysis.
StringSifter is a machine learning tool that automatically ranks strings extracted from malware samples based on their relevance for analysis.
Automated Digital Forensics and Incident Response (DFIR) software for rapid incident response and intrusion investigations.
Automated Digital Forensics and Incident Response (DFIR) software for rapid incident response and intrusion investigations.
Hyara is a plugin that simplifies writing YARA rules with various convenient features.
Hyara is a plugin that simplifies writing YARA rules with various convenient features.
ReFlutter is a reverse engineering framework that uses patched Flutter libraries to enable dynamic analysis and traffic monitoring of Flutter mobile applications on Android and iOS platforms.
ReFlutter is a reverse engineering framework that uses patched Flutter libraries to enable dynamic analysis and traffic monitoring of Flutter mobile applications on Android and iOS platforms.
A proof-of-concept tool that generates Excel BIFF8 files with embedded 4.0 macros programmatically without requiring Microsoft Excel installation.
A proof-of-concept tool that generates Excel BIFF8 files with embedded 4.0 macros programmatically without requiring Microsoft Excel installation.
Tool for managing Yara rules on VirusTotal
A Java bytecode assembler and disassembler toolkit that converts classfiles to human-readable format and provides decompilation capabilities for reverse engineering Java applications.
A Java bytecode assembler and disassembler toolkit that converts classfiles to human-readable format and provides decompilation capabilities for reverse engineering Java applications.
DroidBox is a dynamic analysis framework for Android applications that monitors runtime behavior, network activity, file operations, and security events while generating behavioral visualizations.
DroidBox is a dynamic analysis framework for Android applications that monitors runtime behavior, network activity, file operations, and security events while generating behavioral visualizations.
JD-GUI is a graphical Java decompiler that reconstructs and displays source code from compiled ".class" files for reverse engineering and code analysis purposes.
JD-GUI is a graphical Java decompiler that reconstructs and displays source code from compiled ".class" files for reverse engineering and code analysis purposes.
Educational resource analyzing the structure and implementation of malicious packages in software ecosystems, with focus on JavaScript/NPM threat models.
Educational resource analyzing the structure and implementation of malicious packages in software ecosystems, with focus on JavaScript/NPM threat models.
Inspeckage is a dynamic analysis tool for Android applications that provides runtime behavior monitoring through API hooking and real-time system interaction tracking.
Inspeckage is a dynamic analysis tool for Android applications that provides runtime behavior monitoring through API hooking and real-time system interaction tracking.
Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.
Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.
A process scanning tool that detects and dumps malicious implants, shellcodes, hooks, and memory patches in running processes.
A process scanning tool that detects and dumps malicious implants, shellcodes, hooks, and memory patches in running processes.
RetDec is an LLVM-based decompiler that converts machine code from various architectures and file formats back into readable C-like source code for reverse engineering and malware analysis.
RetDec is an LLVM-based decompiler that converts machine code from various architectures and file formats back into readable C-like source code for reverse engineering and malware analysis.
ProcFilter is a process filtering system for Windows with built-in YARA integration, designed for malware analysts to create YARA signatures for Windows environments.
ProcFilter is a process filtering system for Windows with built-in YARA integration, designed for malware analysts to create YARA signatures for Windows environments.
A C library that enables cross-platform execution of functions from stripped binaries using file names, offsets, and function signatures.
A C library that enables cross-platform execution of functions from stripped binaries using file names, offsets, and function signatures.
A Python telnet honeypot that emulates shell environments to capture and analyze IoT malware and botnet binaries through automated detection mechanisms.
A Python telnet honeypot that emulates shell environments to capture and analyze IoT malware and botnet binaries through automated detection mechanisms.
A tool that generates YARA rules to search for specific terms within base64-encoded malware samples by enumerating all possible encoding variations.
A tool that generates YARA rules to search for specific terms within base64-encoded malware samples by enumerating all possible encoding variations.
An Open Source solution for management of Threat Intelligence at scale, integrating multiple analyzers and malware analysis tools.
An Open Source solution for management of Threat Intelligence at scale, integrating multiple analyzers and malware analysis tools.
CAPA is a static analysis tool that detects and reports capabilities in executable files across multiple formats, mapping findings to MITRE ATT&CK tactics and techniques.
CAPA is a static analysis tool that detects and reports capabilities in executable files across multiple formats, mapping findings to MITRE ATT&CK tactics and techniques.
A javascript malware analysis tool with backend code execution.
A declarative language for describing binary data structures that compiles into parsers for multiple programming languages.
A declarative language for describing binary data structures that compiles into parsers for multiple programming languages.
Leading open source automated malware analysis system.
Educational resources for reverse engineering tutorials by lena151.
Educational resources for reverse engineering tutorials by lena151.
A multithreaded YARA scanner for incident response or malware zoos.
A multithreaded YARA scanner for incident response or malware zoos.
A collaborative malware analysis framework with various features for automated analysis tasks.
A collaborative malware analysis framework with various features for automated analysis tasks.
Androwarn performs static analysis of Android applications using Dalvik bytecode examination to detect and report potentially malicious behaviors.
Androwarn performs static analysis of Android applications using Dalvik bytecode examination to detect and report potentially malicious behaviors.
A comprehensive list of APT groups and operations for tracking and mapping different names and naming schemes used by cybersecurity companies and antivirus vendors.
A comprehensive list of APT groups and operations for tracking and mapping different names and naming schemes used by cybersecurity companies and antivirus vendors.
MalConfScan is a Volatility plugin for extracting configuration data of known malware and analyzing memory images.
MalConfScan is a Volatility plugin for extracting configuration data of known malware and analyzing memory images.
Halogen automates the creation of YARA rules based on image files embedded in malicious documents to assist in threat detection and identification.
Halogen automates the creation of YARA rules based on image files embedded in malicious documents to assist in threat detection and identification.
Compact C framework for analyzing suspected malware documents and detecting exploits and embedded executables.
Compact C framework for analyzing suspected malware documents and detecting exploits and embedded executables.
FLOSS is a static analysis tool that automatically extracts and deobfuscates hidden strings from malware binaries using advanced analysis techniques.
FLOSS is a static analysis tool that automatically extracts and deobfuscates hidden strings from malware binaries using advanced analysis techniques.
An open source .NET deobfuscator and unpacker that restores packed and obfuscated assemblies by reversing various obfuscation techniques.
An open source .NET deobfuscator and unpacker that restores packed and obfuscated assemblies by reversing various obfuscation techniques.
Binary analysis and management framework for organizing malware and exploit samples.
Binary analysis and management framework for organizing malware and exploit samples.
Blazingly fast Yara queries for malware analysts with an analyst-friendly web GUI.
Blazingly fast Yara queries for malware analysts with an analyst-friendly web GUI.
Revelo is an experimental Javascript deobfuscator tool with features to analyze and deobfuscate Javascript code.
Revelo is an experimental Javascript deobfuscator tool with features to analyze and deobfuscate Javascript code.
A community-maintained repository of YARA rules for detecting and classifying malware based on patterns and characteristics.
A community-maintained repository of YARA rules for detecting and classifying malware based on patterns and characteristics.
yextend extends Yara's functionality by automatically handling archived and compressed content inflation, enabling pattern matching on files buried within multiple layers of archives.
yextend extends Yara's functionality by automatically handling archived and compressed content inflation, enabling pattern matching on files buried within multiple layers of archives.
PinCTF is a Python wrapper tool that uses Intel's Pin framework to instrument binaries and count instructions for reverse engineering analysis.
PinCTF is a Python wrapper tool that uses Intel's Pin framework to instrument binaries and count instructions for reverse engineering analysis.
A comprehensive guide to malware analysis and reverse engineering, covering topics such as lab setup, debugging, and anti-debugging.
A comprehensive guide to malware analysis and reverse engineering, covering topics such as lab setup, debugging, and anti-debugging.
Open Source Intelligence solution for threat intelligence data enrichment and quick analysis of suspicious files or malware.
Open Source Intelligence solution for threat intelligence data enrichment and quick analysis of suspicious files or malware.
Capa is a malware analysis tool that detects capabilities in executable files by analyzing PE, ELF, .NET modules, shellcode, and sandbox reports to identify potential malicious behaviors with ATT&CK framework mapping.
Capa is a malware analysis tool that detects capabilities in executable files by analyzing PE, ELF, .NET modules, shellcode, and sandbox reports to identify potential malicious behaviors with ATT&CK framework mapping.