diff --git a/README.md b/README.md index 9a1ef7e..1878970 100644 --- a/README.md +++ b/README.md @@ -238,6 +238,8 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大 edit file metadata. * [File Scanning Framework](https://github.com/EmersonElectricCo/fsf) - Modular, recursive file scanning solution. +* [fn2yara](https://github.com/cmu-sei/pharos) - FN2Yara is a tool to generate + Yara signatures for matching functions (code) in an executable program. * [Generic File Parser](https://github.com/uppusaikiran/generic-parser) - A Single Library Parser to extract meta information,static analysis and detect macros within the files. * [hashdeep](https://github.com/jessek/hashdeep) - Compute digest hashes with a variety of algorithms. @@ -413,6 +415,9 @@ executables. *Analyze malicious URLs. See also the [domain analysis](#domain-analysis) and [documents and shellcode](#documents-and-shellcode) sections.* +* [Bytecode Viewer](https://github.com/Konloch/bytecode-viewer) - Combines + multiple Java bytecode viewers and decompilers into one tool, including + APK/DEX support. * [Firebug](https://getfirebug.com/) - Firefox extension for web development. * [Java Decompiler](http://jd.benow.ca/) - Decompile and inspect Java apps. * [Java IDX Parser](https://github.com/Rurik/Java_IDX_Parser/) - Parses Java 
@@ -504,6 +509,14 @@ the [browser malware](#browser-malware) section.* XOR key using frequency analysis. * [PackerAttacker](https://github.com/BromiumLabs/PackerAttacker) - A generic hidden code extractor for Windows malware. +* [PyInstaller Extractor](https://github.com/extremecoders-re/pyinstxtractor) - + A Python script to extract the contents of a PyInstaller generated Windows + executable file. The contents of the pyz file (usually pyc files) present + inside the executable are also extracted and automatically fixed so that a + Python bytecode decompiler will recognize it. +* [uncompyle6](https://github.com/rocky/python-uncompyle6/) - A cross-version + Python bytecode decompiler. Translates Python bytecode back into equivalent + Python source code. * [un{i}packer](https://github.com/unipacker/unipacker) - Automatic and platform-independent unpacker for Windows binaries based on emulation. * [unpacker](https://github.com/malwaremusings/unpacker/) - Automated malware @@ -582,6 +595,9 @@ the [browser malware](#browser-malware) section.* for static analysis of Linux binaries. * [OllyDbg](http://www.ollydbg.de/) - An assembly-level debugger for Windows executables. +* [OllyDumpEx](https://low-priority.appspot.com/ollydumpex/) - Dump memory + from (unpacked) malware Windows process and store raw or rebuild PE file. + This is a plugin for OllyDbg, Immunity Debugger, IDA Pro, WinDbg, and x64dbg. * [PANDA](https://github.com/moyix/panda) - Platform for Architecture-Neutral Dynamic Analysis. * [PEDA](https://github.com/longld/peda) - Python Exploit Development 
@@ -618,6 +634,10 @@ the [browser malware](#browser-malware) section.* [API](https://retdec.com/api/) that you can use in your tools. * [ROPMEMU](https://github.com/Cisco-Talos/ROPMEMU) - A framework to analyze, dissect and decompile complex code-reuse attacks. +* [Scylla Imports Reconstructor](https://github.com/NtQuery/Scylla) - Find and fix + the IAT of an unpacked / dumped PE32 malware. +* [ScyllaHide](https://github.com/x64dbg/ScyllaHide) - An Anti-Anti-Debug library + and plugin for OllyDbg, x64dbg, IDA Pro, and TitanEngine. * [SMRT](https://github.com/pidydx/SMRT) - Sublime Malware Research Tool, a plugin for Sublime 3 to aid with malware analyis. * [strace](https://sourceforge.net/projects/strace/) - Dynamic analysis for
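Review bot: in the first hunk (@@ -238, the fn2yara entry) the link points at the root of the cmu-sei/pharos repository rather than at the tool itself, so a reader has to locate fn2yara among the rest of Pharos; either link to the tool's location within that repository or state in the description that it ships as part of the Pharos suite. The name is also spelled two ways in one entry ("fn2yara" in the link text, "FN2Yara" in the description); pick one and use the terse form the neighbouring entries use, e.g. `Generates Yara signatures for matching functions (code) in an executable program.`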
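Review bot: in the second hunk (@@ -413, the Bytecode Viewer entry) the section it lands in is introduced as "Analyze malicious URLs", while the description leads with Java bytecode decompilation and closes on APK/DEX support, which is Android rather than browser material. Placement next to the existing [Java Decompiler] entry is defensible, but the description should say why the tool belongs in a browser-malware list, or the APK/DEX clause should be dropped here so the entry does not read as a mobile-analysis tool filed in the wrong section.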
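Review bot: in the third hunk (@@ -504) the PyInstaller Extractor description runs to four lines and two sentences, twice the length of the adjacent PackerAttacker and un{i}packer entries; trim it to one sentence, e.g. `Extracts the contents of a PyInstaller-generated Windows executable, including the pyc files inside its pyz archive, fixed up so a Python bytecode decompiler can read them.` The uncompyle6 entry added directly below is the kind of decompiler that fix-up is for, so the two entries could point at each other. Alphabetical order is correct as written: `uncompyle6` sorts before `un{i}packer`.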
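Review bot: in the fourth hunk (@@ -582) the OllyDumpEx description is ungrammatical ("Dump memory from (unpacked) malware Windows process and store raw or rebuild PE file"); suggest `Dumps the memory of an (unpacked) Windows malware process and saves it raw or rebuilds it as a PE file. Plugin for OllyDbg, Immunity Debugger, IDA Pro, WinDbg, and x64dbg.` Placement immediately after OllyDbg keeps the list alphabetical.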
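Review bot: in the last hunk (@@ -618) the Scylla entry uses the abbreviation IAT without expanding it; write "import address table (IAT)" on first use, and change "an unpacked / dumped PE32 malware" to "an unpacked or dumped PE32 malware sample". In the ScyllaHide entry "Anti-Anti-Debug" does not need mid-sentence capitalisation ("an anti-anti-debug library"). The unchanged context line two below still carries the typo "analyis" in the SMRT entry; since this change already touches the surrounding lines, fix it to "analysis" in the same commit.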