Simple Static Malware Analyzer: SSMA

ID N0WHERE:158780
Type n0where
Reporter N0where
Modified 2017-02-13T20:15:47


Simple Static Malware Analyzer

SSMA is a simple malware analyzer written in Python 3.


  • Analyzes the PE file’s header and sections (number of sections, entropy of sections/PE file, suspicious section names, suspicious flags in the characteristics of the PE file, etc.)
  • Searches for possible domains, e-mail addresses, IP addresses in the strings of the file.
  • Checks if domains are blacklisted based on’s Ransomware Domain Blocklist and’s blocklist.
  • Looks for Windows functions commonly used by malware.
  • Gets results from VirusTotal and/or uploads files.
  • Detects malware based on YARA rules.
  • Detects well-known software packers.
  • Detects the existence of cryptographic algorithms.
  • Detects anti-debug and anti-virtualization techniques used by malware to evade automated analysis.
  • Finds out whether documents have been crafted to leverage malicious code.
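
The first two checks in the list above (section entropy and indicator extraction from strings) can be sketched as follows. This is an added example, not SSMA's own code: the 7.0 entropy cut-off, the short TLD list, the function names and the sample section bytes are all assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

ENTROPY_LIMIT = 7.0  # assumed cut-off; packed or encrypted data sits near 8.0
OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
IP_RE = re.compile(rf"\b(?:{OCTET}\.){{3}}{OCTET}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
# The short TLD list is an assumption; a real tool would load a full list.
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|info|biz|example)\b", re.I)

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def ascii_strings(data: bytes, min_len: int = 6) -> list:
    """Runs of printable ASCII of at least min_len bytes, like `strings`."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]

def find_indicators(data: bytes) -> dict:
    """Collect IP addresses, e-mail addresses and domains from the strings."""
    found = {"ip": set(), "email": set(), "domain": set()}
    for s in ascii_strings(data):
        found["ip"].update(IP_RE.findall(s))
        found["email"].update(EMAIL_RE.findall(s))
        found["domain"].update(d.lower() for d in DOMAIN_RE.findall(s))
    return {kind: sorted(values) for kind, values in found.items()}

def high_entropy_sections(sections: dict) -> list:
    """Names of sections whose entropy exceeds ENTROPY_LIMIT."""
    return [name for name, raw in sections.items() if shannon_entropy(raw) > ENTROPY_LIMIT]

# Constructed sample: section name -> raw bytes (not taken from a real file).
SAMPLE_SECTIONS = {
    ".text": b"\x55\x8b\xec\x83\xec\x10" * 200,
    ".rdata": b"\x00\x01GET http://update.c2-panel.example/gate.php\x00"
              b"contact: ops@mail.example.net\x00connect 192.0.2.44:8080\x00\xff",
    "UPX1": bytes(range(256)) * 8,
}

if __name__ == "__main__":
    print("high entropy:", high_entropy_sections(SAMPLE_SECTIONS))
    print("indicators:", find_indicators(SAMPLE_SECTIONS[".rdata"]))
```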


  • Python
    • Python 2.6, 2.7
    • Python >= 3.2
    • PyPy >= 2.0
  • ssdeep/libfuzzy >= 2.10 (Some features might not be available with older versions. See ssdeep.Hash)
  • cffi
  • pip
  • six


git clone


sudo pip3 install -r requirements.txt

python3 -h

Using virtualenv

git clone
virtualenv -p python3 env
source env/bin/activate
pip3 install -r requirements.txt
python3 -h
