Tools no image

Published on March 14th, 2011 | by NJ Ouchn


Malware Analyzer v2.9 just Released

Malware Analyzer is an open source tool for analyzing malwares.


1. String based analysis for registry , API calls , IRC Commands , DLL's called and VM Aware.

2. Display detailed headers of PE with all its section details, import and export symbols etc.

3.On Distro , can perform an ascii dump of the PE along with other options ( check –help argument).

4. For windows , it can generate various section of a PE : DOS Header , DOS Stub, PE File Header , Image Optional Header , Section Table , Data Directories , Sections

5. ASCII dump on windows machine.

6. Code Analysis ( disassembling )

7. Online malware checking ( www.virustotal.com )

8. Check for Packer from the Database.

9. Tracer functionality : Can be used to identify

anti-debugging Calls tricks , File system manipulations Calls, Rootkit Hooks, Keyboard Hooks , DEP Setting Change,Network Identification traces,Privilage escalation traces , Hardware Breakpoint traces

10. Signature Creation: Allows to create signature of malware

11. CRC and Timestamp verification.

12. Entropy based scan to identify malicious sections.

13. Dump a process memory

14. Dynamic Analysis (Still in beginning Stage ) for file creations.


  • To Perform Complete Analysis: Usage: ./analyse_malware.py FIle
  • To Generate ASCII Dump: Usage: ./analyse_malware.py File –Ascii
  • To View Dlls Loaded: Usage: ./analyse_malware.py File –Dll
  • To View the PE Areas: Usage: ./analyse_mwlare.py File –Header
  • To Perform Code Analysis: Usage: ./analyse_malware.py File –Code
  • To Check online for Malware ./analyse_malware.py File –online
  • To List all Processes on system ./analyse_malware.py –process
  • Example: ./analyse_malware.py malware.exe –online


  • Added Process Dumping Feature
  • Added Dynamic Analysis ( File Creation)
  • Minor Bug Fixes


Tags: , ,

About the Author

"Passion is needed for any great work, and for the revolution, passion and audacity are required in big doses"

Back to Top ↑