Related Reads
SSMA – Simple Static Malware Analyzer
December 3, 2016 | Views: 5379
SSMA is a simple malware analyzer written in Python 3.
Features:
-
Searches for websites, e-mail addresses, IP addresses in the strings of the file.
-
Looks for Windows functions commonly used by malware.
-
Get results from VirusTotal and/or upload files.
-
Malware detection based on Yara-rules – https://virustotal.github.io/yara/
-
Detect well-known software packers.
-
Detect the existence of cryptographic algorithms.
-
Detect anti-debug and anti-virtualization techniques used by malware to evade automated analysis.
-
Find if documents have been crafted to leverage malicious code.
Usage
git clone https://github.com/secrary/SSMA
cd SSMA
sudo pip3 install -r requirements.txt
python3 ssma.py -h
You can just statically scan the file or upload to VirustTotal using your API-KEY.
Usage
python3 ssma.py file.exe
python3 ssma.py -k api-key file.exe
Scan documents (i.e. MS Office Word):
Usage
python3 ssma.py -d doc.docx
To get ssdeep hashes use requirements_with_ssdeep.txt
Requirements:
Python 3
Download
Share with Friends
Use Cybytes and
Tip the Author!
Tip the Author!
Join
Share with Friends
Ready to share your knowledge and expertise?
I’m getting “http.client.IncompleteRead” in “blacklisted_domain_ip.py, line 18, in ransomware_and_malware_domain_check”.
So I put a try,catch and a loop to make retries. After few tries, it worked.
Thanks. Can you check it again?
Great, its working! Thanks.
For Windows there is Sysinternals, but for Linux users this fills a hole. Some users may prefer Python 2.5, but can’t please everyone. I’ll look into the code for this.
Thanks
That is an extremely helpful program and article.
I had to tip 5 Cybytes for this. There isn’t much out here on Malware Analysis.
Thank you for the great information. I am going to dig in more shortly.
Great work and I cannot wait to see more from you