Browse 23 malware research tools
Security research publication, software testing, and annual conference org.
Expands a single malware hash into full family visibility via structural analysis.
Manual malware analysis lab with CSI module for in-depth threat inspection.
Automated malware analysis via hypervisor-level sandbox & static analysis.
Plugin that decompiles malware PE files into readable C code using hybrid analysis.
Cloud-based bare-metal malware analysis lab for SOC, CERT & CIRT teams.
Cloud-based platform that maps malware relationships for threat intelligence.
Threat intel service for financial institutions focused on fraud & banking malware.
Expert malware reverse engineering service for APT removal & actor profiling.
ConventionEngine is a YARA rule collection that analyzes PE files by examining PDB paths for suspicious keywords, terms, and anomalies that may indicate malicious software.
A tool that generates pseudo-malicious files to trigger YARA rules.
InvalidSign is a security research tool that bypasses endpoint solutions by obtaining valid signed files with different hashes to evade signature-based detection mechanisms.
A binary analysis and management framework for organizing and analyzing malware and exploit samples, and creating plugins.
UDcide is an Android malware analysis tool that detects and removes specific malicious behaviors from malware samples while preserving the binary for investigation purposes.
A .NET assembly debugger and editor that enables reverse engineering and dynamic analysis of compiled .NET applications without source code access.
A .NET wrapper library for the native YARA library with interoperability and portability features.
Fnord is a pattern extraction tool that analyzes obfuscated code using sliding window techniques to identify frequent byte sequences and generate experimental YARA rules for malware analysis.
A strings statistics calculator for YARA rules to aid malware research.
A Python wrapper for the Libemu library that enables shellcode analysis and malicious code examination through programmatic interfaces.
A collection of YARA rules specifically designed for forensic investigations and malware analysis, providing pattern matching capabilities for files and memory dumps.
StringSifter is a machine learning tool that automatically ranks strings extracted from malware samples based on their relevance for analysis.
A tool that generates YARA rules to search for specific terms within base64-encoded malware samples by enumerating all possible encoding variations.
FLOSS is a static analysis tool that automatically extracts and deobfuscates hidden strings from malware binaries using advanced analysis techniques.