This tool allows you to statically analyze Windows, Linux, OSX executables and APK files. You can get: What DLL files are used. Functions and APIs. Sections and segments. URLs, IP addresses and emails. Android permissions. File extensions and their names. And so on… Qu1cksc0pe aims to get even more information about suspicious files and helpsRead More
Django Web application for performing Static Analysis and detecting malware in Android APKs In each of the scans, it would have the following information: Application Info Security Info Components SAST Findings Best Practices Implemented Virus Total Info Certificate Info Strings Databases Files For easy access there is a sidebar on the left page ofRead More
Process Dump is a Windows reverse-engineering command-line tool to dump malware memory components back to disk for analysis. Often malware files are packed and obfuscated before they are executed in order to avoid AV scanners, however when these files are executed they will often unpack or inject a clean version of the malware code inRead More
Distributed malware processing framework based on Python, Redis and MinIO. The idea Karton is a robust framework for creating flexible and lightweight malware analysis backends. It can be used to connect malware* analysis systems into a robust pipeline with very little effort. We’ve been in the automation business for a long time. We’re dealing withRead More
In the era of intrusive AVs and EDRs that introduce hot-patches to the running processes for their enhanced optics requirements, modern adversaries must have a robust tool to slide through these watchguards. The propsed implementation of dynamic imports resolver that would be capable of unhooking used functions in-the-fly is yet another step towards strengthening adversaryRead More
Uchihash is a small utility that can save malware analysts the time of dealing with embedded hash values used for various things such as: Dynamically importing APIs (especially in shellcode) Checking running process used by analysts (Anti-Analysis) Checking VM or Antivirus artifacts (Anti-Analysis) Uchihash can generate hashes with your own custom hashing algorithm, search forRead More
Golang malware development framework Introduction ColdFire provides various methods useful for malware development in Golang. Most functions are compatible with both Linux and Windows operating systems. Installation go get github.com/redcode-labs/ColdFire Types of functions included Logging Auxiliary Reconnaissance Evasion Administration Sandbox detection Disruptive Documentation Logging functions func F(s string, arg …interface{}) string Alias for fmt.Sprintffunc PrintGood(msgRead More
ATMMalScan is a commandline tool for Windows operating systems version 7 and higher, which helps to search for malware traces on an ATM during the DFIR process. This tool examines the running processes of a system, as well as the hard disk, depending on the specified file path. To scan a system, a user withRead More
Freki is a free and open-source malware analysis platform. Goals Facilitate malware analysis and reverse engineering; Provide an easy-to-use REST API for different projects; Easy deployment (via Docker); Allow the addition of new features by the community. Current features Hash extraction. VirusTotal API queries. Static analysis of PE files (headers, sections, imports, capabilities, andRead More
HiJackThis Fork is a free utility for Microsoft Windows that scans your computer for settings changed by adware, spyware, malware and other unwanted programs. HiJackThis Fork primarily detects hijacking methods rather than comparing items against a pre-built database. This allows it to detect new or previously unknown malware – but it also makes no distinctionRead More
