sisoma2 / malware_analysis
Scripts, Yara rules and other files developed during malware investigations
☆24Updated 2 years ago
Related projects: ⓘ
- Generates YARA rules to detect malware using API hashing☆17Updated 3 years ago
- Generate YARA rules for OOXML documents.☆37Updated last year
- Unpacking and decryption tools for the Emotet malware☆46Updated 2 years ago
- ☆27Updated 2 years ago
- ☆13Updated last year
- ☆15Updated 2 years ago
- Go Lang Portable Executable Parser☆37Updated 3 years ago
- ☆34Updated last year
- ☆23Updated 4 years ago
- ConventionEngine - A Yara Rulepack for PDB Path Hunting☆36Updated last year
- ☆31Updated 2 years ago
- TA505 unpacker Python 2.7☆45Updated 4 years ago
- runsc loads 32/64 bit shellcode (depending on how runsc is compiled) in a way that makes it easy to load in a debugger. This code is base…☆34Updated last year
- Malware Muncher is a proof-of-concept Python script that utilizes the Frida framework for binary instrumentation and API hooking, enablin…☆42Updated last year
- 100 Days of YARA to be updated with rules & ideas as the year progresses☆57Updated last year
- Capa analysis importer for Ghidra.☆61Updated 3 years ago
- Malware Configuration Extraction Modules☆48Updated 9 months ago
- Standardized Malware Analysis Tool☆51Updated 3 years ago
- ☆15Updated last year
- A small utility to deal with malware embedded hashes.☆48Updated 11 months ago
- Maltego transforms to pivot between PE files based on their VirusTotal codeblocks☆18Updated 3 years ago
- This is a repository that is meant to hold detections for various process injection techniques.☆32Updated 4 years ago
- Steezy - Ghetto Yara Generation☆15Updated last year
- A collection of shellcode hashes☆17Updated 6 years ago
- Specialized tool to dump Position Independent Code.☆21Updated 4 years ago
- Modular malware analysis artifact collection and correlation framework☆49Updated 4 months ago
- Links to malware-related YARA rules☆14Updated last year
- Imphash-like calculation on Golang binaries☆48Updated 2 years ago
- Converts exported results of CAPA tool from .json format to another formats supporting by different tools.☆21Updated 2 years ago
- This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files …☆30Updated 3 years ago