malware-analysis.md

opensource-malware-analysis

A collection of open source malware analysis tools

Collections

Automated

• nao-sec/tknk_scanner - [BHEU 2018 Arsenal] Community-based integrated malware identification system

Fiddler plugins

• malwareinfosec/EKFiddle - A framework based on the Fiddler web debugger to study Exploit Kits, malvertising and malicious traffic in general

Javascript tools

• mindedsecurity/JStillery - Advanced JavaScript Deobfuscation via Partial Evaluation
• Malzilla - Malware hunting tool

Linux kernel

• iovisor/bpftrace - High-level tracing language for Linux eBPF

Office

• rtfdump
• decalage2/oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging
• VBA
  • MalwareCantFly/Vba2Graph - Generate call graphs from VBA code, for easier analysis of malicious documents

CMD

• fireeye/flare-qdb/deDOSfuscator.py - CMD 混淆解密工具，通过挂钩cmd.exe的函数来解决

AutoIT

• MinervaLabsResearch/ObfuscatedAutoItDecrypter/AutoIt_dec.py - a Python script for deobfuscation

Uncategorized

• cryps1s/DARKSURGEON - a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense
• alexandreborges/malwoverview - a simple tool to perform an initial and quick triage on a directory containing malware samples
• BillyONeal/Instalog - Windows malware analysis logging tool
• chenerlich/FCL - CL (Fileless Command Lines) - Known command lines of fileless malicious executions
• Neo23x0/Fnord - Pattern Extractor for Obfuscated Code

Samples

Binary

• Mac Malware
• HynekPetrak/javascript-malware-collection - Collection of almost 40.000 javascript malware samples
• beta.virusbay.io

Source codes

• ifding/iot-malware - Malware source code samples leaked online uploaded to GitHub for those who want to analyze the code

3rdparty lists

• Fantastic Malware and Where to Find Them

Tutorials

• Malware Analysis Tools
• recon18 - Modern Linux Malware Exposed