DECAF by decaf-project

DECAF (short for Dynamic Executable Code Analysis Framework) is a binary analysis platform based on QEMU. This is also the home of the DroidScope dynamic Android malware analysis platform. DroidScope is now an extension to DECAF.

updated at April 26, 2024, 1:03 p.m.

60 +0

791 +4

168 +0

Malware by RPISEC

Course materials for Malware Analysis by RPISEC

updated at April 26, 2024, 12:28 p.m.

330 +0

3,615 +1

777 +2

unipacker by unipacker

Automatic and platform-independent unpacker for Windows binaries based on emulation

updated at April 26, 2024, 10:23 a.m.

30 +1

606 +4

73 +1

de4dot by de4dot

.NET deobfuscator and unpacker.

updated at April 26, 2024, 8:36 a.m.

512 +1

6,728 +10

2,638 +2

vivisect by vivisect

None

updated at April 26, 2024, 5:35 a.m.

69 +0

896 +3

184 -10

javascript-malware-collection by HynekPetrak

Collection of almost 40.000 javascript malware samples

updated at April 25, 2024, 1:46 p.m.

37 +0

630 +1

235 +0

stringsifter by mandiant

A machine learning tool that ranks strings based on their relevance for malware analysis.

updated at April 25, 2024, 12:46 p.m.

30 +0

646 +2

123 +0

ember by elastic

Elastic Malware Benchmark for Empowering Researchers

updated at April 25, 2024, 12:20 p.m.

51 +0

898 +4

269 +2

chopshop by MITRECND

Protocol Analysis/Decoder Framework

updated at April 25, 2024, 11:31 a.m.

71 +0

487 +1

111 +0

dionaea by DinoTools

Home of the dionaea honeypot

updated at April 25, 2024, 9:45 a.m.

44 +0

679 +2

182 +0

scalpel by sleuthkit

Scalpel is an open source data carving tool. It is not being actively maintained.

updated at April 25, 2024, 7:45 a.m.

43 +0

602 +1

100 +0

wdbgark by swwwolf

WinDBG Anti-RootKit Extension

updated at April 25, 2024, 6:16 a.m.

61 +0

602 +1

176 +0

python-evt by williballenthin

Pure Python parser for classic Windows Event Log files (.evt)

updated at April 25, 2024, 3:18 a.m.

5 +0

41 +1

12 +0

mailchecker by FGRibreau

Cross-language temporary (disposable/throwaway) email detection library. Covers 55 734+ fake email providers.

updated at April 24, 2024, 10:29 p.m.

37 +1

1,569 +3

238 -1

HaboMalHunter by Tencent

HaboMalHunter is a sub-project of Habo Malware Analysis System (https://habo.qq.com), which can be used for automated malware analysis and security assessment on the Linux system.

updated at April 24, 2024, 9:55 p.m.

55 +0

723 +1

220 +0

plasma by plasma-disassembler

Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax.

updated at April 24, 2024, 9:27 p.m.

149 +0

3,041 +1

278 +0

AnalyzePDF by hiddenillusion

Tool to help analyze PDF files

updated at April 24, 2024, 8:36 p.m.

22 +0

170 +1

40 -1

sandboxapi by InQuest

Minimal, consistent Python API for building integrations with malware sandboxes.

updated at April 24, 2024, 6:58 p.m.

21 +0

131 +1

39 +0

polichombr by ANSSI-FR

Collaborative malware analysis framework

updated at April 24, 2024, 5:45 p.m.

38 +0

372 +1

64 +0

malice by maliceio

VirusTotal Wanna Be - Now with 100% more Hipster

updated at April 24, 2024, 5:25 p.m.

96 +0

1,600 +0

261 +0