Merge pull request #211 from knowmalware/additions

Add several tools

README.md

@@ -238,6 +238,8 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大
   edit file metadata.
 * [File Scanning Framework](https://github.com/EmersonElectricCo/fsf) -
   Modular, recursive file scanning solution.
+* [fn2yara](https://github.com/cmu-sei/pharos) - FN2Yara is a tool to generate
+  Yara signatures for matching functions (code) in an executable program.
 * [Generic File Parser](https://github.com/uppusaikiran/generic-parser) - A Single Library Parser to extract meta information,static analysis and detect macros within the files.
 * [hashdeep](https://github.com/jessek/hashdeep) - Compute digest hashes with
   a variety of algorithms.
@@ -413,6 +415,9 @@ executables.
 *Analyze malicious URLs. See also the [domain analysis](#domain-analysis) and
 [documents and shellcode](#documents-and-shellcode) sections.*
 
+* [Bytecode Viewer](https://github.com/Konloch/bytecode-viewer) - Combines
+  multiple Java bytecode viewers and decompilers into one tool, including
+  APK/DEX support.
 * [Firebug](https://getfirebug.com/) - Firefox extension for web development.
 * [Java Decompiler](http://jd.benow.ca/) - Decompile and inspect Java apps.
 * [Java IDX Parser](https://github.com/Rurik/Java_IDX_Parser/) - Parses Java
@@ -504,6 +509,14 @@ the [browser malware](#browser-malware) section.*
   XOR key using frequency analysis.
 * [PackerAttacker](https://github.com/BromiumLabs/PackerAttacker) - A generic
   hidden code extractor for Windows malware.
+* [PyInstaller Extractor](https://github.com/extremecoders-re/pyinstxtractor) -
+  A Python script to extract the contents of a PyInstaller generated Windows
+  executable file. The contents of the pyz file (usually pyc files) present
+  inside the executable are also extracted and automatically fixed so that a
+  Python bytecode decompiler will recognize it.
+* [uncompyle6](https://github.com/rocky/python-uncompyle6/) - A cross-version
+  Python bytecode decompiler.  Translates Python bytecode back into equivalent
+  Python source code.
 * [un{i}packer](https://github.com/unipacker/unipacker) - Automatic and
   platform-independent unpacker for Windows binaries based on emulation.
 * [unpacker](https://github.com/malwaremusings/unpacker/) - Automated malware
@@ -582,6 +595,9 @@ the [browser malware](#browser-malware) section.*
   for static analysis of Linux binaries.
 * [OllyDbg](http://www.ollydbg.de/) - An assembly-level debugger for Windows
   executables.
+* [OllyDumpEx](https://low-priority.appspot.com/ollydumpex/) - Dump memory
+  from (unpacked) malware Windows process and store raw or rebuild PE file.
+  This is a plugin for OllyDbg, Immunity Debugger, IDA Pro, WinDbg, and x64dbg.
 * [PANDA](https://github.com/moyix/panda) - Platform for Architecture-Neutral
   Dynamic Analysis.
 * [PEDA](https://github.com/longld/peda) - Python Exploit Development
@@ -618,6 +634,10 @@ the [browser malware](#browser-malware) section.*
   [API](https://retdec.com/api/) that you can use in your tools.
 * [ROPMEMU](https://github.com/Cisco-Talos/ROPMEMU) - A framework to analyze, dissect
   and decompile complex code-reuse attacks.
+* [Scylla Imports Reconstructor](https://github.com/NtQuery/Scylla) - Find and fix
+  the IAT of an unpacked / dumped PE32 malware.
+* [ScyllaHide](https://github.com/x64dbg/ScyllaHide) - An Anti-Anti-Debug library
+  and plugin for OllyDbg, x64dbg, IDA Pro, and TitanEngine.
 * [SMRT](https://github.com/pidydx/SMRT) - Sublime Malware Research Tool, a
   plugin for Sublime 3 to aid with malware analyis.
 * [strace](https://sourceforge.net/projects/strace/) - Dynamic analysis for