Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Stars: ✭ 10,212 (+3984.8%)

Mutual labels: static-analysis, malware-analysis

Malwaredatascience

Malware Data Science Reading Diary / Notes

Stars: ✭ 82 (-67.2%)

Mutual labels: malware, malware-analysis

Php Malware Finder

Detect potentially malicious PHP files

Stars: ✭ 1,245 (+398%)

Mutual labels: malware, yara

Florentino

Fast Static File Analysis Framework

Stars: ✭ 92 (-63.2%)

Mutual labels: static-analysis, malware-analysis

Ursadb

Trigram database written in C++, suited for malware indexing

Stars: ✭ 72 (-71.2%)

Mutual labels: malware, yara

Malice

VirusTotal Wanna Be - Now with 100% more Hipster

Stars: ✭ 1,253 (+401.2%)

Mutual labels: malware, malware-analysis

Awesome Yara

A curated list of awesome YARA rules, tools, and people.

Stars: ✭ 1,394 (+457.6%)

Mutual labels: malware-analysis, yara

Malware Feed

Bringing you the best of the worst files on the Internet.

Stars: ✭ 69 (-72.4%)

Mutual labels: malware, malware-analysis

Malwarelab vm Setup

Setup scripts for my Malware Analysis VMs

Stars: ✭ 126 (-49.6%)

Mutual labels: static-analysis, malware-analysis

View All Similar Projects ➔

PEpper

An open source tool to perform malware static analysis on Portable Executable

Installation

[email protected]:~$ git clone https://github.com/blackeko/PEpper/
[email protected]:~$ cd PEpper
[email protected]:~$ pip3 install -r requirements.txt
[email protected]:~$ python3 pepper.py ./malware_dir

Screenshot

and more rows..

CSV output

and more columns..

Feature extracted

Suspicious entropy ratio
Suspicious name ratio
Suspicious code size
Suspicious debugging time-stamp
Number of export
Number of anti-debugging calls
Number of virtual-machine detection calls
Number of suspicious API calls
Number of suspicious strings
Number of YARA rules matches
Number of URL found
Number of IP found
Cookie on the stack (GS) support
Control Flow Guard (CFG) support
Data Execution Prevention (DEP) support
Address Space Layout Randomization (ASLR) support
Structured Exception Handling (SEH) support
Thread Local Storage (TLS) support
Presence of manifest
Presence of version
Presence of digital certificate
Packer detection
VirusTotal database detection
Import hash

Notes

Can be run on single or multiple PE (placed inside a directory)
Output will be saved (in the same directory of pepper.py) as output.csv
To use VirusTotal scan, add your private key in the module called "virustotal.py" (Internet connection required)

Credits

Many thanks to those who indirectly helped me in this work, specially:

The LIEF project and its awesome library
PEstudio, a really amazing software to analyze PE
PEframe from guelfoweb, an incredible widespread tool to perform static analysis on Portable Executable malware and malicious MS Office documents
Yara-Rules project, which provides compiled signatures, classified and kept as up to date as possible

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 250

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (4) 🔗