
base64_substring

Free

The base64_substring tool helps malware analysts search base64-encoded samples for a plaintext term. Because a byte string can start at any of three positions within a base64 three-byte group, the same term has three different encoded forms, and the characters at either end of each form also depend on the unknown neighbouring bytes. The tool enumerates all three alignments, trims those context-dependent boundary characters, and generates a YARA rule that matches any of the resulting substrings. To run an example, generate a YARA rule that matches a base64-encoded file containing the term 'Application' by using the provided script. Further reading: 'Searching for Content in Base-64 Strings' by Lee Holmes.
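The enumeration described above, written out in Python as an added example. This is not the base64_substring project's own script (its interface is not shown on this page); the function names, the `rule base64_<term>` naming scheme and the `min_len` threshold are choices made here for illustration.

```python
"""Enumerate the alignment-dependent base64 forms of a search term and
emit a YARA rule that matches any of them. Added example, not the
base64_substring project's own code."""
import base64
from typing import List, Optional


def base64_variants(term: str, encoding: str = "utf-8") -> List[str]:
    """Return the three base64 forms `term` can take inside a larger stream.

    For each of the three possible alignments the term is encoded behind
    `offset` placeholder bytes; output characters whose value also depends
    on bytes outside the term (the placeholder prefix or whatever follows
    the term) are dropped, so each result is stable regardless of context.
    """
    data = term.encode(encoding)
    variants = []
    for offset in range(3):
        encoded = base64.b64encode(b"\x00" * offset + data).decode("ascii").rstrip("=")
        # The placeholder bytes occupy offset*8 bits. Drop the characters
        # made entirely of placeholder bits, plus the one character that
        # straddles the placeholder/term boundary (if the split is uneven).
        lead_bits = offset * 8
        drop_front = lead_bits // 6 + (1 if lead_bits % 6 else 0)
        # If the total bit count is not a multiple of 6, the last character
        # also encodes bits of the (unknown) byte that follows the term.
        total_bits = (offset + len(data)) * 8
        drop_back = 1 if total_bits % 6 else 0
        variants.append(encoded[drop_front:len(encoded) - drop_back])
    return variants


def yara_rule(term: str, rule_name: Optional[str] = None, min_len: int = 4) -> str:
    """Build a YARA rule whose strings are the usable base64 variants of `term`.

    Variants shorter than `min_len` (a threshold chosen here, not a YARA
    limit) are dropped: for very short terms an alignment can lose every
    character to the boundary trimming and would match nothing useful.
    """
    name = rule_name or "base64_" + "".join(c if c.isalnum() else "_" for c in term)
    usable = [v for v in base64_variants(term) if len(v) >= min_len]
    if not usable:
        raise ValueError(f"{term!r} is too short to yield a reliable base64 pattern")
    lines = [f"rule {name}", "{", "    strings:"]
    for i, v in enumerate(usable):
        lines.append(f'        $b64_{i} = "{v}"')  # base64 alphabet needs no escaping
    lines += ["    condition:", "        any of them", "}"]
    return "\n".join(lines)


def variant_matches(term: str, prefix: bytes, suffix: bytes) -> bool:
    """Self-check: does some variant occur in base64(prefix + term + suffix)?"""
    blob = base64.b64encode(prefix + term.encode() + suffix).decode("ascii")
    return any(v and v in blob for v in base64_variants(term))


if __name__ == "__main__":
    # Constructed demonstration: the three forms of 'Application', then the
    # rule, then a check against arbitrary surrounding bytes at each alignment.
    print(base64_variants("Application"))
    print(yara_rule("Application"))
    for k in range(3):
        assert variant_matches("Application", b"\xff" * k, b"\xff\xff")
```

Two caveats worth keeping in mind when using rules built this way. First, the variants assume an unbroken base64 stream; MIME-style line wrapping or whitespace inside the encoded text can split a match, so normalise such input before scanning. Second, YARA 4.0 and later provide a `base64` string modifier (`$a = "Application" base64`) that performs this same three-alignment expansion natively, which is the simpler option when a current YARA is available.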


ALTERNATIVES

IDA Pro plugin for finding crypto constants

A tool for injecting and loading executables with a focus on stealth techniques.

KLara is a distributed system written in Python that helps Threat Intelligence researchers hunt for new malware using Yara.

A GitHub repository for fuzzing and testing file formats

Define and validate YARA rule metadata with CCCS YARA Specification.

A blog post discussing INF-SCT fetch and execute techniques for bypass, evasion, and persistence

A tool for translating Dalvik bytecode to equivalent Java bytecode, allowing Java analysis tools to analyze Android applications.

A file analysis framework that automates the evaluation of files by running a suite of tools and aggregating the output.