capa by mandiant

The FLARE team's open-source tool to identify capabilities in executable files.

created at June 16, 2020, 9:24 p.m.

82 +0

4,875 +18

560 +2

flare-floss by mandiant

FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

created at March 2, 2016, 8:16 p.m.

132 +0

3,253 +7

453 +1

capstone by capstone-engine

Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), Alpha, BPF, Ethereum VM, HPPA, LoongArch, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.

created at Nov. 27, 2013, 2:32 a.m.

299 +0

7,608 +17

1,555 -1

orochi by LDO-CERT

The Volatility Collaborative GUI

created at May 18, 2020, 2:01 p.m.

11 +0

225 +2

19 +0

PortEx by katjahahn

Java library to analyse Portable Executable files with a special focus on malware analysis and PE malformation robustness

created at Sept. 27, 2013, 6:34 a.m.

44 +0

496 +0

95 +0

packerid by sooshie

None

created at Dec. 3, 2014, 9:31 p.m.

5 +0

42 +0

9 +0

DC3-MWCP by Defense-Cyber-Crime-Center

DC3 Malware Configuration Parser (DC3-MWCP) is a framework for parsing configuration information from malware. The information extracted from malware includes items such as addresses, passwords, filenames, and mutex names.

created at May 6, 2015, 3:11 p.m.

43 +0

300 +1

59 +0

iocextract by InQuest

Defanged Indicator of Compromise (IOC) Extractor.

created at April 17, 2018, 5:37 p.m.

28 +0

506 +1

91 +0

sandboxapi by InQuest

Minimal, consistent Python API for building integrations with malware sandboxes.

created at Jan. 16, 2018, 7:54 p.m.

21 +0

137 +0

40 +0

see by WithSecureOpenSource

Sandboxed Execution Environment

created at Oct. 26, 2015, 11:13 a.m.

57 +0

813 +0

104 +0