Malware Analysis

Know Your YARA Rules Series: #6 We Present GenRex - A Generator of Regular Expressions - Avast Engineering
Following our guide about regular expressions, we present a new, unique tool that can help you with the creation of such expressions, mainly those used in the YARA Cuckoo module. To fully understand the benefits of our new open-source project, we first expand our knowledge of regular expressions in the Cuckoo module, share resources […]
·engineering.avast.io·
mrexodia/dumpulator: An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).
An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).
·github.com·
CERT-Polska/ursadb
Trigram database written in C++, suited for malware indexing
·github.com·
Lumma Stealer malware now uses trigonometry to evade detection
The Lumma information-stealing malware is now using an interesting tactic to evade detection by security software: measuring mouse movements using trigonometry to determine whether the malware is running on a real machine or in an antivirus sandbox.
·bleepingcomputer.com·
GitHub - Bw3ll/sharem: SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also contains its own custom disassembler, with many innovative features, such as being able to show the deobfuscated disassembly of an encoded shellcode, or integrating emulation data to enhance the disassembly.
SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also contains its own custom disassembler, with many innovative featur...
·github.com·
can1357/NoVmp
A static devirtualizer for VMProtect x64 3.x, powered by VTIL.
·github.com·
enkomio/Sojobo: A binary analysis framework
A binary analysis framework.
·github.com·
Windows System Calls For Hunters
System calls are the ultimate high-level atomic actions that malware writers might control. System call sequences are the de facto way to divide behaviors between good and bad…
·marcoramilli.com·
kargisimos/detenv
A small and portable Windows C library for sandbox detection
·github.com·