
fr0gger / unprotect

Licence: Apache-2.0
Unprotect is a Python tool for parsing PE malware and extracting the evasion techniques it uses.



UNPROTECT [PROJECT]: Unprotect Malware for the Mass

The Unprotect Project is an open source project that proposes a classification of evasion techniques to help analysts understand and analyze malware. It is dedicated to Windows PE malware and is licensed under the Apache License version 2.0.


The Unprotect Project contains two main parts:

  • A website with a complete database and classification of evasion techniques.
  • A standalone Python tool that detects evasion techniques in a given malware sample.

The standalone tool available in this repository provides the features shown in the figure below:

[Figure: feature overview of the standalone tool (image in the original README)]

Disclaimer

This tool is an attempt to give the community a tool dedicated to malware evasion techniques. It started as a side project and still requires improvements; it is neither perfect nor magic. This version is an early prototype.

Please note the following:

  • This project currently works with Python 2.7 (it will be upgraded to Python 3 in a later version).
  • It might have some bugs or vulnerabilities; as with any tool that parses untrusted malware samples, run it inside an isolated analysis VM rather than on a production host.
  • This tool currently works only with a valid PE file (support for additional file formats will be added in a later version).
  • No command-line options are supported yet; the full report is written to standard output.
  • The analysis can take time depending on the PE size (more than 5 minutes for a PE larger than 1 MB).
  • This tool has been tested on macOS and Linux; a Windows version can be found in the folder unprotect_windows.
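The notes above make two points that are worth seeing in code: the tool first insists on a well-formed PE, and only then looks for evasion indicators. The script below is an added example, not Unprotect's own code. It is a pure-Python PE sanity check (MZ and PE\0\0 signatures, in-bounds section table) followed by simple packer heuristics of the kind an evasion-technique scanner applies: known packer section names, high-entropy sections, and sections with no data on disk but a large virtual size (the unpack-at-runtime pattern). The section-name list and the 7.2 bits/byte entropy threshold are illustrative assumptions, not Unprotect's signatures; the PE inputs are constructed inline so it runs offline, and unlike the project itself it targets Python 3.

```python
"""Added example, not part of Unprotect: PE sanity check plus packer heuristics (Python 3)."""
import math
import struct
from collections import Counter

# Illustrative list of section names left by common packers/protectors
# (assumption for this example, not Unprotect's signature database).
PACKER_SECTION_NAMES = {
    b"UPX0", b"UPX1", b"UPX2", b".aspack", b".adata", b".themida",
    b".vmp0", b".vmp1", b".petite", b".MPRESS1", b".MPRESS2", b".nsp0",
}
HIGH_ENTROPY = 7.2  # bits/byte; plain x86 code sits near 6, compressed data near 8


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(blob: bytes) -> dict:
    """Minimal PE parser: validates MZ/PE signatures and reads the section table.
    Raises ValueError for anything that is not a well-formed PE."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if e_lfanew + 24 > len(blob) or blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, coff)
    table = coff + 20 + opt_size  # section table follows the optional header
    sections = []
    for i in range(nsec):
        off = table + i * 40
        if off + 40 > len(blob):
            raise ValueError("truncated section table")
        name, vsize, _vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", blob, off)
        raw = blob[rawptr:rawptr + rawsize]
        sections.append({"name": name.rstrip(b"\0"), "virtual_size": vsize,
                         "raw_size": rawsize, "entropy": shannon_entropy(raw)})
    return {"machine": machine, "sections": sections}


def packer_findings(pe: dict) -> list:
    """Flag indicators that the sample is packed (an evasion technique)."""
    findings = []
    for s in pe["sections"]:
        label = s["name"].decode(errors="replace")
        if s["name"] in PACKER_SECTION_NAMES:
            findings.append(f"known packer section name: {label}")
        if s["raw_size"] >= 256 and s["entropy"] > HIGH_ENTROPY:
            findings.append(f"high entropy ({s['entropy']:.2f} bits/byte) in {label}")
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            findings.append(f"zero raw size but {s['virtual_size']:#x} virtual bytes in {label}")
    return findings


def scan(blob: bytes) -> dict:
    """Full check as a scanner would run it: validity first, then heuristics."""
    try:
        pe = parse_pe(blob)
    except ValueError as exc:
        return {"valid_pe": False, "error": str(exc), "findings": []}
    return {"valid_pe": True, "sections": [s["name"].decode() for s in pe["sections"]],
            "findings": packer_findings(pe)}


def build_pe(sections) -> bytes:
    """Constructed test input: a tiny PE32 built from [(name, raw_bytes, virtual_size)]."""
    nsec, opt_size = len(sections), 0xE0
    headers_end = 0x40 + 4 + 20 + opt_size + nsec * 40
    raw_ptr = (headers_end + 0x1FF) & ~0x1FF  # 512-byte file alignment
    table, body, vaddr = bytearray(), bytearray(), 0x1000
    for name, raw, vsize in sections:
        ptr = raw_ptr + len(body) if raw else 0
        table += struct.pack("<8sIIII", name.ljust(8, b"\0"), vsize, vaddr, len(raw), ptr) + b"\0" * 16
        body += raw
        vaddr += 0x1000
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header right after the DOS header
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    blob = bytes(dos) + b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, opt_size, 0x0102)
    blob += bytes(opt) + bytes(table)
    return blob + b"\0" * (raw_ptr - len(blob)) + bytes(body)


# Constructed samples: a UPX-style layout and a plain unpacked layout.
SAMPLE_PACKED = build_pe([
    (b"UPX0", b"", 0x8000),                   # empty on disk, filled by the unpacker stub
    (b"UPX1", bytes(range(256)) * 4, 0x400),  # compressed payload: maximal entropy
    (b".rsrc", b"\0" * 512, 0x200),
])
SAMPLE_CLEAN = build_pe([
    (b".text", b"\x55\x8b\xec" + b"\x90" * 509, 0x200),  # push ebp; mov ebp,esp; nops
    (b".data", b"\0" * 512, 0x200),
])

if __name__ == "__main__":
    for label, blob in (("packed", SAMPLE_PACKED), ("clean", SAMPLE_CLEAN), ("script", b"#!/bin/sh\n")):
        print(label, scan(blob))
```

Running it prints three findings for the UPX-style sample, none for the clean one, and a rejection for the shell script, which is the behaviour the notes describe: a non-PE input stops at validation rather than producing a report.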

Getting Started

Prerequisites

You must install some packages before starting.

Linux

sudo apt-get install python-pip
sudo apt-get install build-essential libffi-dev python python-dev python-pip automake autoconf libtool
sudo apt-get install libfuzzy-dev
sudo apt-get install ssdeep

Mac OS

brew install virtualenv
brew install ssdeep
brew install libmagic

Windows

pip install virtualenv

Variables To Modify

Before running the installation setup, you will need to edit config.py and add your own VirusTotal API key. Treat the key as a credential: keep the edited config.py out of any public commit. Put your VirusTotal API key in config.py:

APIKEY = "<enter_key>"

Additionally, you may want to add your own YARA rules to scan a PE. They go in the file module/yara-rules/user_rules.yar.

Virtualenv

The tool currently runs inside a virtualenv, which creates an isolated Python environment so that it does not interfere with the system Python or its package versions.

Create your own virtualenv:

virtualenv -p python2.7 unprotect

Enable your virtual env:

source unprotect/bin/activate

Package requirements

Install the dependencies inside the activated virtualenv (do not use sudo here: it would run the system pip as root and install the packages into the system Python instead of the virtualenv):

pip install -r requirements.txt

Run unprotect:

python unprotect.py

Usage

The current version of Unprotect doesn't support any options. The simplest way to use it is to run it against a PE file:

python unprotect.py <PE_file>

Report Example

An example report can be found here: Report

Built With

Licence

This project is licensed under the APACHE License version 2.0 - see the LICENSE.md file for details.
