SSMA is a simple malware analyzer written in Python 3.
Latest Change 3/7/2017:
+ add new args
+ requirements.txt: ELF support init
+ ssma.py : check .tls
– Analyze PE file’s header and sections (number of sections, entropy of sections/PE file, suspicious section names, suspicious flags in the characteristics of the PE file, etc.)
– Searches for possible domains, e-mail addresses, IP addresses in the strings of the file.
– Checks if domains are blacklisted based on abuse.ch’s Ransomware Domain Blocklist and malwaredomains.com’s blocklist.
– Looks for Windows functions commonly used by malware.
– Get results from VirusTotal and/or upload files.
– Malware detection based on Yara-rules
– Detect well-known software packers.
– Detect the existence of cryptographic algorithms.
– Detect anti-debug and anti-virtualization techniques used by malware to evade automated analysis.
– Find if documents have been crafted to leverage malicious code.
Use and install:
git clone https://github.com/secrary/SSMA && cd SSMA
sudo pip3 install -r requirements.txt
python3 ssma.py -h
git pull origin master