IDA_scripts
Collection of Python scripts for automating tasks and enhancing IDA Pro functionality
For when your malware samples are stored compressed, but you still want to run rules against them.
Currently supports: GZip, BZip2, LZMA (XZ).
Modules used: Go-Yara: https://github.com/hillu/go-yara, XZ: https://github.com/ulikunitz/xz.
Motivation: I've had to test Yara rules with compressed malware on systems with or without Yara installed. Compiled statically against libyara for ease of use. Currently runs a rule file against a directory of files.
Future thoughts: support for files in Zip and Tar archives, password-protected Zip and 7z files, and testing common passwords.
Leading open source automated malware analysis system.
FLARE Obfuscated String Solver (FLOSS) automatically extracts and deobfuscates strings from malware binaries using advanced static analysis techniques.
Powerful debugging tool with extensive features and extensions for memory dump analysis and crash dump analysis.
A Unix-based tool that scans for rootkits and other malware on a system, providing a detailed report of the scan results.
A tool for malware analysts to search through base64-encoded samples and generate yara rules.