SSMA is a simple malware analyzer written in Python 3.
Features:
- Analyze PE file’s header and sections (number of sections, entropy of sections/PE file, suspicious section names, suspicious flags in the characteristics of the PE file, etc.)
- Searches for possible domains, e-mail addresses, IP addresses in the strings of the file.
- Checks if domain is blacklisted based on abuse.ch’s Ransomware Domain Blocklist and malwaredomains.com’s blocklist.
- Looks for Windows functions commonly used by malware.
- Get results from VirusTotal and/or upload files.
- Malware detection based on Yara-rules
- Detect well-known software packers.
- Detect the existence of cryptographic algorithms.
- Detect anti-debug and anti-virtualization techniques used by malware to evade automated analysis.
- Find if documents have been crafted to leverage malicious code.
Usage:
git clone https://github.com/secrary/SSMAcd SSMA
sudo pip3 install -r requirements.txt
python3 ssma.py -h
python3 ssma.py -k api-key file.exe
You can just statically scan the file or upload to VirustTotal using your API-KEY.
python3 ssma.py file.exe
python3 ssma.py -k api-key file.exe
ليست هناك تعليقات:
إرسال تعليق