Malware Analyzer v3.0 released (with new dedicated website)
Malware Analyzer is an open source tool for analyzing malware.
Features
1. String-based analysis for registry keys, API calls, IRC commands, DLLs called and VM-aware code.
2. Display detailed PE headers with all section details, import and export symbols, etc.
3. On Linux distros, can perform an ASCII dump of the PE along with other options (check the --help argument).
4. On Windows, it can generate the various areas of a PE: DOS Header, DOS Stub, PE File Header, Image Optional Header, Section Table, Data Directories, Sections.
5. ASCII dump on Windows machines.
6. Code analysis (disassembling).
7. Online malware checking (www.virustotal.com).
8. Check for packers against the database.
9. Tracer functionality: can be used to identify anti-debugging call tricks, file system manipulation calls, rootkit hooks, keyboard hooks, DEP setting changes, network identification traces, privilege escalation traces and hardware breakpoint traces.
10. Signature creation: allows creating a signature for a malware sample.
11. CRC and timestamp verification.
12. Entropy-based scan to identify malicious sections.
13. Dump a process's memory.
14. Dynamic analysis (still at an early stage) for file creations.
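The two checks most worth seeing in code are the PE section walk behind feature 2 and the entropy scan of feature 12. The block below is an added example written for this page; it is not Malware Analyzer's own code, and the threshold (7.0 bits per byte), the hypothetical API watch-list and the constructed sample image are assumptions. It parses the DOS header, PE signature, COFF header and section table by hand, computes Shannon entropy per section, flags sections that are near-random (a common sign of packing or encryption) or that run past the end of the file, and does the simple string sweep for API names that feature 1 describes.

```python
"""Added example (not part of Malware Analyzer): per-section entropy scan
and API-name string sweep over a minimal hand-parsed PE image."""
import math
import struct
from collections import Counter

HIGH_ENTROPY_THRESHOLD = 7.0  # assumed cutoff; packed/encrypted data approaches 8.0
# Assumed watch-list of real Win32 API names commonly used by anti-debugging code.
API_WATCHLIST = (b"IsDebuggerPresent", b"CheckRemoteDebuggerPresent", b"VirtualProtect")


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, 8.0 at most."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_sections(image: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table.
    Returns a list of (name, PointerToRawData, SizeOfRawData) tuples."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER layout: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    size_opt = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + size_opt
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        # IMAGE_SECTION_HEADER layout: Name(8) VirtualSize(4) VirtualAddress(4)
        # SizeOfRawData(4) PointerToRawData(4) + 16 bytes of reloc/line/characteristics
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", image, off + 16)
        sections.append((name, raw_ptr, raw_size))
    return sections


def entropy_scan(image: bytes, threshold: float = HIGH_ENTROPY_THRESHOLD):
    """Return {section_name: (entropy, flagged)}.
    A section is flagged when its entropy reaches the threshold or when its
    declared raw range runs past the end of the file (truncated/malformed header)."""
    report = {}
    for name, ptr, size in parse_sections(image):
        data = image[ptr:ptr + size]
        truncated = len(data) < size
        ent = shannon_entropy(data)
        report[name] = (round(ent, 3), ent >= threshold or truncated)
    return report


def find_api_strings(image: bytes, watchlist=API_WATCHLIST):
    """Feature-1 style string sweep: which watch-listed API names appear verbatim."""
    return sorted(n.decode() for n in watchlist if n in image)


def build_sample_pe(sections):
    """Construct a minimal PE image for testing (assumption: it has no optional
    header and would not load; only the section table is needed here)."""
    num = len(sections)
    size_opt = 0
    table_off = 0x40 + 4 + 20 + size_opt
    ptr = table_off + 40 * num
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, num, 0, 0, 0, size_opt, 0x0102)
    table, blobs = b"", b""
    for name, blob in sections:
        table += name.ljust(8, b"\0")[:8]
        table += struct.pack("<IIII", len(blob), 0x1000, len(blob), ptr) + b"\0" * 16
        blobs += blob
        ptr += len(blob)
    return dos + b"PE\0\0" + coff + table + blobs


if __name__ == "__main__":
    # Constructed sample: a low-entropy .text and a uniformly distributed ".packed"
    sample = build_sample_pe([
        (b".text", b"\x90" * 240 + b"IsDebuggerPresent\0"),
        (b".packed", bytes(range(256)) * 4),
    ])
    for sec, (ent, flagged) in entropy_scan(sample).items():
        print(f"{sec:<8} entropy={ent:.3f} {'FLAGGED' if flagged else 'ok'}")
    print("API strings:", find_api_strings(sample))
```

The truncation check matters in practice: a header that claims more raw data than the file holds is itself a malformation worth reporting, and silently reading a short slice would otherwise produce a misleadingly low entropy for that section.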
Usage
- To perform a complete analysis: ./analyse_malware.py File
- To generate an ASCII dump: ./analyse_malware.py File --Ascii
- To view DLLs loaded: ./analyse_malware.py File --Dll
- To view the PE areas: ./analyse_malware.py File --Header
- To perform code analysis: ./analyse_malware.py File --Code
- To check online for malware: ./analyse_malware.py File --online
- To list all processes on the system: ./analyse_malware.py --process
- Example: ./analyse_malware.py malware.exe --online
Changelog
- Added banking trojan traces
- Added dynamic registry analysis
- Process listing now displays loaded module information for all processes
- Improved trace signatures