Explorer Suite
A freeware suite of tools for PE editing and process viewing, including CFF Explorer and Resource Editor.
yarGen is a generator for YARA rules. Its main principle is to create YARA rules from strings found in malware files while removing all strings that also appear in goodware files. yarGen includes a large goodware strings and opcode database as ZIP archives that must be extracted before first use. Version 0.24.0 introduces an output option (--ai) that generates a YARA rule with an expanded set of strings and includes instructions tailored for an AI. Activating the --ai flag appends the instruction text to the yargen_rules.yar output file, which can then be fed into your AI for processing. With version 0.23.0, yarGen was ported to Python 3; if you need a version that runs on Python 2, try a previous release. (Note that the download location for the pre-built databases has changed.)
dynStruct is a tool for monitoring memory accesses of an ELF binary and recovering structures of the original code.
A PE/COFF file viewer that displays header, section, directory, import table, export table, and resource information within various file types.
A collection of publicly available YARA rules for detecting and classifying malware.
Platform for uploading, searching, and downloading malware samples.
Collection of malware persistence information and techniques.