Six Python tools useful for identifying and analysing malware

Python is a widely used scripting language in the field of computer forensics and malware analysis.

Today, we look at some of the tools developed in this scripting language that are useful in the analysis of malicious programs.


pyew

A command-line tool to analyse malware, developed by Joxean Koret.
It supports hexadecimal viewing and disassembly of PE and ELF file formats, follows direct call/jmp instructions from the interactive command line, and displays function names and string data references.
It also supports plugins to add more features.


Exefilter

An open-source tool and Python framework to filter file formats in e-mails, web pages or files.
It detects many common file formats and can remove active content.


jsunpack-n

A generic JavaScript unpacker: emulates browser functionality to detect exploits that target browser and browser plug-in vulnerabilities.


yara-python

A library that allows using YARA in Python programs.
It covers all YARA’s features, from compiling, saving and loading rules to scanning files, strings and processes.


phoneyc

A ‘pure Python’ honeyclient implementation that gives insight into malicious web sites, including the exploits on the page and their consequences.


pyClamd

A Python interface to clamd (the ClamAV antivirus daemon), useful for adding virus detection capabilities to Python software.

The software is currently developed and maintained by Alexandre Norman.