Simple Static Malware Analyzer: SSMA

2017-02-13T20:15:47
ID N0WHERE:158780
Type n0where
Reporter N0where
Modified 2017-02-13T20:15:47

Description

Simple Static Malware Analyzer

SSMA is a simple malware analyzer written in Python 3.


Features:

  • Analyzes a PE file's header and sections (number of sections, entropy of the sections and of the whole file, suspicious section names, suspicious flags in the PE characteristics, etc.).
  • Searches the file's strings for possible domains, e-mail addresses and IP addresses.
  • Checks whether found domains are blacklisted, based on abuse.ch's Ransomware Domain Blocklist and malwaredomains.com's blocklist.
  • Looks for Windows API functions commonly used by malware.
  • Gets results from VirusTotal and/or uploads files to it.
  • Detects malware based on YARA rules.
  • Detects well-known software packers.
  • Detects the presence of cryptographic algorithms.
  • Detects anti-debugging and anti-virtualization techniques that malware uses to evade automated analysis.
  • Finds out whether documents have been crafted to carry malicious code.
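The two checks at the top of that list, section entropy and IOC extraction from strings, are small enough to show end to end. The following is an added example written for this page, not SSMA's own code; the packer section names and the sample bytes are constructed assumptions, and no real file or network access is needed.

```python
import math
import re
from collections import Counter

# Section names typically left behind by packers (illustrative list, an assumption,
# not SSMA's own list).
SUSPICIOUS_SECTION_NAMES = {"UPX0", "UPX1", ".aspack", ".adata", ".petite", ".MPRESS1"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def analyze_sections(sections):
    """sections: list of (name, raw_bytes). Returns one finding dict per section."""
    findings = []
    for name, raw in sections:
        ent = shannon_entropy(raw)
        findings.append({
            "name": name,
            "entropy": round(ent, 2),
            "packed_or_encrypted": ent > 7.0,   # common heuristic threshold for packed data
            "suspicious_name": name in SUSPICIOUS_SECTION_NAMES,
        })
    return findings

IOC_PATTERNS = {
    "ipv4": re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "email": re.compile(rb"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "domain": re.compile(rb"\b(?:[a-z0-9-]+\.)+(?:com|net|org|info|ru|cn)\b", re.I),
}

def extract_iocs(data: bytes, min_len: int = 4):
    """Pull printable ASCII strings out of raw bytes, then match IP/e-mail/domain patterns."""
    strings = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    found = {kind: set() for kind in IOC_PATTERNS}
    for s in strings:
        for kind, pat in IOC_PATTERNS.items():
            found[kind].update(m.decode() for m in pat.findall(s))
    return {kind: sorted(v) for kind, v in found.items()}

# Constructed sample input: a code-like section with 64 distinct byte values (entropy 6.0)
# and a packer section whose bytes are evenly spread over all 256 values (entropy 8.0).
SAMPLE_SECTIONS = [
    (".text", bytes(range(64)) * 4),
    ("UPX1", bytes((i * 97 + 13) % 256 for i in range(4096))),
]
SAMPLE_STRINGS = (b"MZ\x00kernel32.dll\x00http://update.evil-c2.example.com/x\x00"
                  b"ops@evil-c2.example.com\x00192.168.1.20\x00\x90\x90")

if __name__ == "__main__":
    print(analyze_sections(SAMPLE_SECTIONS))
    print(extract_iocs(SAMPLE_STRINGS))
```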

Requirements

  • Python
    • Python 2.6, 2.7
    • Python >= 3.2
    • PyPy >= 2.0
  • ssdeep/libfuzzy >= 2.10 (Some features might not be available with older versions. See ssdeep.Hash )
  • cffi
  • pip
  • six

Usage

git clone https://github.com/secrary/SSMA
cd SSMA
sudo pip3 install -r requirements.txt
python3 ssma.py -h

Using virtualenv

git clone https://github.com/secrary/SSMA
cd SSMA
virtualenv -p python3 env
source env/bin/activate
pip3 install -r requirements.txt
python3 ssma.py -h
