Malware Analyzer

#4883 by Meriadoc
Fri Feb 04, 2011 5:25 pm

Malware Analyzer

download :
http://code.google.com/p/malwareanalyzer/downloads/list

website :
beenuarora

cursory test with :
http://www.virustotal.com/file-scan/rep ... 1296756784
http://www.virustotal.com/file-scan/rep ... 1283842725

Help : VirusTotal : Trace

Who controls the past controls the future
Who controls the present controls the past

Username

Meriadoc

Posts

195

Joined

Sat Mar 13, 2010 7:36 pm

Location

Cymru

Re: Malware Analyzer

#4885 by EP_X0FF
Fri Feb 04, 2011 6:14 pm

Kinda useless and cannot be taken seriously.

Uses database from PEiD. So I will use PEiD instead to get the same packer verdict (in most cases for malware will be no verdict or fake verdict because of cryptor/obfuscation etc).
Gives section information. Use PETools or Hiew instead. Gives tons of false alarms on real malware, because this is static analyzer. So it think that all garbage in import table has sense. From this following numerous false alarms in "keyboard"/"antidebug" etc parts.

Signatures for malware in PEiD database format? When malware recrypts/repacks/morphs every day and chances to get the same sample is less then 50%?
Some sort of humor must be :)

In attach result with TDL4 dropper. Yes scary keyboards hooks in place, etc :)
http://www.virustotal.com/file-scan/rep ... 1296842389

Attachments

3.rar

(6.75 KiB) Downloaded 34 times

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Malware Analyzer

#4895 by Meriadoc
Sat Feb 05, 2011 4:41 pm

I was sent a link to this on another forum and asked what I thought. Posting here for opinion I thought it would get a fair crack (thanks EP, always straight to the point :) )

Agree, as a static tool I couldn't see why to use this over what I already use but then it feels like a small project with 'what shall I add' without really thinking about malware.

As a 'malware analyzer' I would want to see more runtime analysis.

Who controls the past controls the future
Who controls the present controls the past

Username

Meriadoc

Posts

195

Joined

Sat Mar 13, 2010 7:36 pm

Location

Cymru

Re: Malware Analyzer

#4896 by Evilcry
Sat Feb 05, 2011 5:16 pm

Hi,

http://www.cuckoobox.org/

Runtime Analysis Tool, free and open source :)

Regards

Username

Evilcry

Posts

135

Joined

Tue Apr 20, 2010 6:10 pm

Re: Malware Analyzer

#4897 by Meriadoc
Sat Feb 05, 2011 5:53 pm

Thanks, looks good I will try this (cool name :) )

Who controls the past controls the future
Who controls the present controls the past

Username

Meriadoc

Posts

195

Joined

Sat Mar 13, 2010 7:36 pm

Location

Cymru

Re: Malware Analyzer

#4898 by Evilcry
Sat Feb 05, 2011 6:08 pm

no problem,
the code has been released just today ;)

Username

Evilcry

Posts

135

Joined

Tue Apr 20, 2010 6:10 pm

Re: Malware Analyzer

#4903 by Buster_BSA
Sun Feb 06, 2011 8:14 am

Cuckoo is another Windows malware analyzer running under Linux.

That´s the main reason why I coded Buster Sandbox Analyzer.

Username

Buster_BSA

Posts

390

Joined

Mon Mar 22, 2010 6:42 am

Re: Malware Analyzer

#4904 by nex
Sun Feb 06, 2011 8:34 am

so what?

Username

nex

Posts

14

Joined

Fri Aug 06, 2010 8:09 am

Contact

Re: Malware Analyzer

#4905 by Buster_BSA
Sun Feb 06, 2011 8:43 am

If you don´t see any problem with that, that´s fine. I just don´t think the same.

Username

Buster_BSA

Posts

390

Joined

Mon Mar 22, 2010 6:42 am

Re: Malware Analyzer

#4906 by nex
Sun Feb 06, 2011 8:50 am

No need to be harsh, I'm just trying to have a conversation and understand your point.
As long as you want to motivate it.

Username

nex

Posts

14

Joined

Fri Aug 06, 2010 8:09 am

Contact