
ANSSI-FR / Polichombr

Licence: other
Collaborative malware analysis framework

Programming Languages

python
139335 projects - #7 most used programming language

Projects that are alternatives of or similar to Polichombr

Sojobo
A binary analysis framework
Stars: ✭ 116 (-62.21%)
Mutual labels:  security-tools, malware-analysis, malware-research, reverse-engineering
Replica
Ghidra Analysis Enhancer 🐉
Stars: ✭ 194 (-36.81%)
Mutual labels:  security-tools, malware-analysis, reverse-engineering
Drsemu
DrSemu - Sandboxed Malware Detection and Classification Tool Based on Dynamic Behavior
Stars: ✭ 237 (-22.8%)
Mutual labels:  malware-analysis, malware-research, reverse-engineering
Shed
.NET runtime inspector
Stars: ✭ 229 (-25.41%)
Mutual labels:  security-tools, malware-analysis, reverse-engineering
Apkfile
Android app analysis and feature extraction library
Stars: ✭ 190 (-38.11%)
Mutual labels:  malware-analysis, malware-research, reverse-engineering
Malwaresearch
A command line tool to find malwares on http://openmalware.org
Stars: ✭ 190 (-38.11%)
Mutual labels:  malware-analysis, malware-research, reverse-engineering
Rebel Framework
Advanced and easy to use penetration testing framework 💣🔎
Stars: ✭ 183 (-40.39%)
Mutual labels:  security-tools, malware-analysis, reverse-engineering
Jarvis
"Just Another ReVersIng Suite" or whatever other bullshit you can think of
Stars: ✭ 137 (-55.37%)
Mutual labels:  ida, ida-plugin, reverse-engineering
Flare Ida
IDA Pro utilities from FLARE team
Stars: ✭ 1,374 (+347.56%)
Mutual labels:  ida, ida-plugin, reverse-engineering
Idarling
Collaborative Reverse Engineering plugin for IDA Pro & Hex-Rays
Stars: ✭ 588 (+91.53%)
Mutual labels:  ida, ida-plugin, reverse-engineering
Detect It Easy
Program for determining types of files for Windows, Linux and MacOS.
Stars: ✭ 2,982 (+871.34%)
Mutual labels:  malware-analysis, malware-research, reverse-engineering
Freki
🐺 Malware analysis platform
Stars: ✭ 285 (-7.17%)
Mutual labels:  malware-analysis, malware-research, reverse-engineering
Probedroid
A SDK for the creation of analysis tools without obtaining app source code in order to profile runtime performance, examine code coverage, and track high-risk behaviors of a given app on Android 5.0 and above.
Stars: ✭ 182 (-40.72%)
Mutual labels:  malware-analysis, malware-research, reverse-engineering
Xapkdetector
APK/DEX detector for Windows, Linux and MacOS.
Stars: ✭ 208 (-32.25%)
Mutual labels:  malware-analysis, malware-research, reverse-engineering
Antidebugging
A collection of c++ programs that demonstrate common ways to detect the presence of an attached debugger.
Stars: ✭ 161 (-47.56%)
Mutual labels:  malware-analysis, malware-research, reverse-engineering
Nauz File Detector
Linker/Compiler/Tool detector for Windows, Linux and MacOS.
Stars: ✭ 146 (-52.44%)
Mutual labels:  malware-analysis, malware-research, reverse-engineering
Malware Analysis Scripts
Collection of scripts for different malware analysis tasks
Stars: ✭ 61 (-80.13%)
Mutual labels:  malware-analysis, malware-research, reverse-engineering
Malwarelab vm Setup
Setup scripts for my Malware Analysis VMs
Stars: ✭ 126 (-58.96%)
Mutual labels:  malware-analysis, malware-research, reverse-engineering
Scratchabit
Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API
Stars: ✭ 369 (+20.2%)
Mutual labels:  ida, ida-plugin, reverse-engineering
Rematch
REmatch, a complete binary diffing framework that is free and strives to be open source and community driven.
Stars: ✭ 141 (-54.07%)
Mutual labels:  ida, ida-plugin, reverse-engineering

Polichombr


What is Polichombr?

This tool aims to provide a collaborative malware analysis framework.

Documentation

More detailed documentation is in the docs folder.

Features

  • Sample storage and documentation
  • Semi automated malware analysis
  • IDA Pro collaboration
  • Online disassembly
  • Binary matching with the MACHOC fuzzy hash algorithm
  • Yara matching

Installation

Please see the corresponding file in the docs directory

Example scripts

The scripts under the examples folder perform some basic actions against a Polichombr instance.

Screenshots

  • Generic sample information
  • Family/Threat overview
  • Online disassembly
  • Share IDA Pro information from the WebUI / directly with other users
  • Automated hotpoints detection
  • Taking notes right from IDA

Feature documentation

Malware analysis

Polichombr provides an engine to automate the analysis tasks by identifying points of interest inside the malicious binary, and providing them both on a web interface and inside the analyst's tools via an API.

Plugins / tasks

Analysis tasks are loaded from the app/controllers/tasks directory, and must inherit from the Task object. In particular, several tasks are already implemented:

  • AnalyzeIt, a Ruby script based on metasm, which is used to identify interesting points in the binary. The goal is to help the analyst by giving hints about where to start. For example, we try to identify crypto loops and functions which call sensitive APIs (file, process, network, ...)

  • Peinfo: we load the PE metadata with the peinfo library.

  • Strings: extracts ASCII and Unicode strings
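As an added illustration of what the Strings task does (this is example code written for this page, not Polichombr's own task implementation), the block below extracts printable ASCII runs and UTF-16LE ("Unicode" in Windows terms) runs from a buffer, records the offset and encoding of each, and tags the ones an analyst usually wants to see first (URLs, Windows paths, module names). The SAMPLE buffer, the tag patterns and the function names are all constructed for the example.

```python
import re
from typing import List, Tuple

# Minimum run length, the same default the classic `strings` tool uses.
MIN_LEN = 4

# Constructed sample buffer standing in for a file under analysis:
# a few header bytes, ASCII strings, UTF-16LE strings and junk.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"                        # fake DOS header
    + b"This program cannot be run in DOS mode.\r\n$"
    + b"\x00" * 8
    + "kernel32.dll".encode("utf-16le") + b"\x00\x00"    # wide string
    + b"\x01\x02ab\x03"                                   # too short, ignored
    + b"CreateFileA\x00\x00"
    + "http://example.invalid/c2".encode("utf-16le") + b"\x00\x00"
    + b"C:\\Windows\\Temp\\x.tmp\x00"
)


def extract_strings(data: bytes, min_len: int = MIN_LEN) -> List[Tuple[int, str, str]]:
    """Return (offset, kind, text) for every ASCII and UTF-16LE run of
    printable characters at least ``min_len`` characters long, sorted by offset."""
    if min_len < 1:
        raise ValueError("min_len must be >= 1")
    # Printable ASCII (0x20..0x7e) repeated min_len or more times.
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # UTF-16LE encoding of the same character set: printable byte, then NUL.
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)

    found = []
    for m in ascii_re.finditer(data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in utf16_re.finditer(data):
        found.append((m.start(), "utf16le", m.group().decode("utf-16le")))
    found.sort(key=lambda item: item[0])
    return found


# Heuristic tags an analyst would want to see first (constructed patterns).
_TAGS = [
    ("url", re.compile(r"^[a-z]+://", re.I)),
    ("path", re.compile(r"^[A-Za-z]:\\")),
    ("module", re.compile(r"\.(dll|sys|ocx|exe)$", re.I)),
]


def tag_string(text: str) -> str:
    """Return the first matching tag for a string, or '' if none apply."""
    for tag, pattern in _TAGS:
        if pattern.search(text):
            return tag
    return ""


def report(data: bytes) -> List[str]:
    """Human-readable lines: offset, encoding, tag and text."""
    lines = []
    for offset, kind, text in extract_strings(data):
        tag = tag_string(text) or "-"
        lines.append(f"0x{offset:06x} {kind:<7} {tag:<6} {text}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

The UTF-16LE pattern only covers the ASCII subset of the character set; wide strings containing non-ASCII code points would need a decoder-based pass instead of a byte regex. Keeping the offset with each string is what lets a web interface or an IDA plugin link a string back to the location that references it.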

Signatures

We use several signature models to classify malware:

  • Yara
  • imphash
  • Machoc
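To show what the imphash signature model in the list above actually hashes, here is an added example (written for this page, not code from Polichombr or from the pefile project): it builds the lower-cased `module.function` entry list in import-directory order, hashes the comma-joined list with MD5, and groups samples that share a hash. The import tables SAMPLE_A/B/C and the function names are constructed; ordinal imports are rendered as `ordN` without the known-ordinal lookup that the reference implementation in pefile applies for a few DLLs, so this is a simplified variant.

```python
import hashlib
from typing import Dict, List, Sequence, Tuple, Union

# A function import is either a name or, when imported by ordinal, an int.
ImportedFunc = Union[str, int]
ImportTable = Sequence[Tuple[str, Sequence[ImportedFunc]]]

# Constructed import tables, in the order a PE import directory would list
# them. Real tables would come from a PE parser; none is used here.
SAMPLE_A: ImportTable = [
    ("KERNEL32.dll", ["CreateFileA", "WriteFile", "CloseHandle"]),
    ("WS2_32.dll", [23, "connect", "send"]),
]
# Same imports with different case in the module names: same imphash.
SAMPLE_B: ImportTable = [
    ("kernel32.DLL", ["CreateFileA", "WriteFile", "CloseHandle"]),
    ("ws2_32.dll", [23, "connect", "send"]),
]
# Same imports in a different order: a different imphash, because the
# hash covers the order in which the linker emitted the entries.
SAMPLE_C: ImportTable = [
    ("WS2_32.dll", [23, "connect", "send"]),
    ("KERNEL32.dll", ["CreateFileA", "WriteFile", "CloseHandle"]),
]


def _module_key(name: str) -> str:
    """Lower-case the module name and drop a .dll/.sys/.ocx extension."""
    name = name.lower()
    for ext in (".ocx", ".sys", ".dll"):
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def imphash_entries(imports: ImportTable) -> List[str]:
    """Build the ``module.function`` list the hash is computed over.
    Ordinal imports become ``ordN``; the production implementation in
    pefile additionally maps known ordinals of a few DLLs back to names,
    which this simplified version does not do."""
    entries = []
    for module, funcs in imports:
        key = _module_key(module)
        for func in funcs:
            fname = f"ord{func}" if isinstance(func, int) else func.lower()
            entries.append(f"{key}.{fname}")
    return entries


def imphash(imports: ImportTable) -> str:
    """MD5 over the comma-joined entry list, as a lowercase hex digest."""
    joined = ",".join(imphash_entries(imports))
    return hashlib.md5(joined.encode("ascii")).hexdigest()


def cluster_by_imphash(samples: Dict[str, ImportTable]) -> Dict[str, List[str]]:
    """Group sample names by identical imphash."""
    groups: Dict[str, List[str]] = {}
    for name, table in samples.items():
        groups.setdefault(imphash(table), []).append(name)
    return groups


if __name__ == "__main__":
    for name, table in (("A", SAMPLE_A), ("B", SAMPLE_B), ("C", SAMPLE_C)):
        print(name, imphash(table), ",".join(imphash_entries(table)))
    print(cluster_by_imphash({"A": SAMPLE_A, "B": SAMPLE_B, "C": SAMPLE_C}))
```

The order sensitivity is the property to keep in mind when reading imphash matches: two builds from the same source and toolchain usually share a hash, while a recompiled or repacked sample with the same set of imports in a different order does not, which is why the framework pairs imphash with Yara and Machoc rather than relying on it alone.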

Machoc

Machoc is a CFG-based algorithm to classify malware. For more information, please refer to the following documentation:

IDA Collaboration: Skelenox

This is an IDAPython plugin which is used to synchronize names and comments with the knowledge base and with other users' databases.

Contributing

Contributions are welcome, so please read CONTRIBUTING.md to have a quick start on how to get help or add features in Polichombr
