MalConfScan

Free
MalConfScan is a Volatility plugin that searches memory images for known malware and extracts and dumps its configuration data, decoding configuration data that the malware usually stores encoded. It can also list the strings that the malicious code refers to and dump decoded strings or DGA domains. Supported malware families include Ursnif, Emotet, Smoke Loader, PoisonIvy, CobaltStrike, and many others.

ALTERNATIVES

Scripts to automate the process of enumerating a Linux system through a Local File Inclusion (LFI) vulnerability.

A library to access FileVault Drive Encryption (FVDE) encrypted volumes on Mac OS X systems.

Hoarder is a tool to collect and parse Windows artifacts.

Remote Acquisition Tool

Generate comprehensive reports about Windows systems with detailed system, security, networking, and USB information.

A script to assist in creating templates for VirtualBox to enhance VM detection evasion.

A library to access and parse Windows NT Registry File (REGF) format.

A repository containing material from a talk on sub-domain enumeration techniques.