
Scan and retrieve IoCs from malware samples for incident response


malwarai/malware-extractor

Malware Extractor

Extract IOCs from malware samples to support static analysis during incident response. It can be used to scan entire hosts for compromised files or to extract data from single binary files.

It extracts static data from PE, ELF, DEX and Mach-O formats. Support for another file type can be added by writing a parser for it.
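The sketch below is an added example, not code from the malware-extractor repository. It shows one way a tool can decide which of the four formats a file is before handing it to a per-format parser, including the case where a fat Mach-O header and a Java class file share the same magic. The names `DETECTORS`, `detector` and `identify` are hypothetical.

```python
import struct

DETECTORS = {}  # hypothetical registry: format name -> detector function

def detector(name):
    """Register a detector; supporting a new format means adding one function."""
    def register(fn):
        DETECTORS[name] = fn
        return fn
    return register

@detector("PE")
def is_pe(data):
    # DOS header starts with "MZ"; e_lfanew at 0x3C must point at "PE\0\0".
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

@detector("ELF")
def is_elf(data):
    # Magic, then EI_CLASS (1 = 32-bit, 2 = 64-bit) and EI_DATA (1 = LE, 2 = BE).
    return data[:4] == b"\x7fELF" and len(data) > 5 and data[4] in (1, 2) and data[5] in (1, 2)

@detector("DEX")
def is_dex(data):
    # "dex\n", three ASCII version digits, then a NUL byte.
    return data[:4] == b"dex\n" and data[4:7].isdigit() and data[7:8] == b"\x00"

THIN_MACHO = {bytes.fromhex(m) for m in ("feedface", "feedfacf", "cefaedfe", "cffaedfe")}

@detector("MACH-O")
def is_macho(data):
    if data[:4] in THIN_MACHO:
        return True
    if data[:4] != bytes.fromhex("cafebabe") or len(data) < 8:
        return False
    # Fat Mach-O shares 0xCAFEBABE with Java class files. The next big-endian
    # word is nfat_arch in a fat header but minor/major version in a class
    # file (major >= 45), so a small non-zero count is treated as Mach-O.
    return 0 < struct.unpack_from(">I", data, 4)[0] < 45

def identify(data):
    """Return the first matching format name, or None if nothing matches."""
    return next((name for name, fn in DETECTORS.items() if fn(data)), None)

if __name__ == "__main__":
    # Constructed sample headers, not real binaries.
    pe = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\x00\x00"
    java_class = bytes.fromhex("cafebabe00000034")
    print(identify(pe), identify(java_class))
```

A plain DOS executable that begins with "MZ" but has no "PE" signature at `e_lfanew` is deliberately not reported as PE.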

Getting started

git clone https://github.com/malwarai/malware-extractor.git

cd malware-extractor

pip install -r requirements.txt

Running the program

To see all available commands

python main.py -h

To extract static data from a binary just use the -fe argument

python main.py -fe file_to_extract_data_from.exe

To scan a file to determine whether it may be malicious, pass the following arguments: -fs (the file to be scanned) and -yr (the compiled YARA file to match against)

python main.py -fs file_to_be_analyzed.exe -yr compiled_yara_file.yara

To scan an entire directory or host, provide -rd (the root directory from which to start the scan).

python main.py -rd /directory_to_be_scanned/ -yr compiled_yara_file.yara

The output of the scans and analysis will be saved in a txt file in the same directory.
