Merge pull request #211 from knowmalware/additions

Add several tools
2024-10-01 06:35:40 -04:00 · 2020-08-23 22:31:20 -05:00 · 2020-08-23 22:31:20 -05:00 · 577019c73a
commit 577019c73a
parent caa6aea573 3b24662087
1 changed files with 20 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -238,6 +238,8 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
  edit file metadata.
 * [File Scanning Framework](https://github.com/EmersonElectricCo/fsf) -
  Modular, recursive file scanning solution.
+* [fn2yara](https://github.com/cmu-sei/pharos) - FN2Yara is a tool to generate
+  Yara signatures for matching functions (code) in an executable program.
 * [Generic File Parser](https://github.com/uppusaikiran/generic-parser) - A Single Library Parser to extract meta information,static analysis and detect macros within the files.
 * [hashdeep](https://github.com/jessek/hashdeep) - Compute digest hashes with
  a variety of algorithms.
@ -413,6 +415,9 @@ executables.
 *Analyze malicious URLs. See also the [domain analysis](#domain-analysis) and
 [documents and shellcode](#documents-and-shellcode) sections.*

+* [Bytecode Viewer](https://github.com/Konloch/bytecode-viewer) - Combines
+  multiple Java bytecode viewers and decompilers into one tool, including
+  APK/DEX support.
 * [Firebug](https://getfirebug.com/) - Firefox extension for web development.
 * [Java Decompiler](http://jd.benow.ca/) - Decompile and inspect Java apps.
 * [Java IDX Parser](https://github.com/Rurik/Java_IDX_Parser/) - Parses Java
@ -504,6 +509,14 @@ the [browser malware](#browser-malware) section.*
  XOR key using frequency analysis.
 * [PackerAttacker](https://github.com/BromiumLabs/PackerAttacker) - A generic
  hidden code extractor for Windows malware.
+* [PyInstaller Extractor](https://github.com/extremecoders-re/pyinstxtractor) -
+  A Python script to extract the contents of a PyInstaller generated Windows
+  executable file. The contents of the pyz file (usually pyc files) present
+  inside the executable are also extracted and automatically fixed so that a
+  Python bytecode decompiler will recognize it.
+* [uncompyle6](https://github.com/rocky/python-uncompyle6/) - A cross-version
+  Python bytecode decompiler.  Translates Python bytecode back into equivalent
+  Python source code.
 * [un{i}packer](https://github.com/unipacker/unipacker) - Automatic and
  platform-independent unpacker for Windows binaries based on emulation.
 * [unpacker](https://github.com/malwaremusings/unpacker/) - Automated malware
@ -582,6 +595,9 @@ the [browser malware](#browser-malware) section.*
  for static analysis of Linux binaries.
 * [OllyDbg](http://www.ollydbg.de/) - An assembly-level debugger for Windows
  executables.
+* [OllyDumpEx](https://low-priority.appspot.com/ollydumpex/) - Dump memory
+  from (unpacked) malware Windows process and store raw or rebuild PE file.
+  This is a plugin for OllyDbg, Immunity Debugger, IDA Pro, WinDbg, and x64dbg.
 * [PANDA](https://github.com/moyix/panda) - Platform for Architecture-Neutral
  Dynamic Analysis.
 * [PEDA](https://github.com/longld/peda) - Python Exploit Development
@ -618,6 +634,10 @@ the [browser malware](#browser-malware) section.*
  [API](https://retdec.com/api/) that you can use in your tools.
 * [ROPMEMU](https://github.com/Cisco-Talos/ROPMEMU) - A framework to analyze, dissect
  and decompile complex code-reuse attacks.
+* [Scylla Imports Reconstructor](https://github.com/NtQuery/Scylla) - Find and fix
+  the IAT of an unpacked / dumped PE32 malware.
+* [ScyllaHide](https://github.com/x64dbg/ScyllaHide) - An Anti-Anti-Debug library
+  and plugin for OllyDbg, x64dbg, IDA Pro, and TitanEngine.
 * [SMRT](https://github.com/pidydx/SMRT) - Sublime Malware Research Tool, a
  plugin for Sublime 3 to aid with malware analyis.
 * [strace](https://sourceforge.net/projects/strace/) - Dynamic analysis for