Tuesday, June 21, 2011

Malware Cookbook codes

If you aren't aware, there is a book dedicated to malware researchers/enthusiasts out there, namely "Malware Cookbook". I haven't got the book in my hands yet, but the code used in the book is already on Google Code, here

I tried several Python scripts written by the author, purposely to help my research in malware detection. One tool, pe_scanner.py, I consider outstanding, since it has support for malware entropy analysis, YARA for malware classification and PEiD support for PE identification.

I also managed to file bug reports and a "patch", since analyzing 30,000 malware samples is tedious, time consuming and possibly leads to migraines.

(Not exactly a bug report, but a problem I faced when a given PE had a corrupt header: I had to segregate such files into a different folder, since the script was unable to proceed with this kind of binary.)
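As an added illustration (this is not code from the book or from pe_scanner.py), the following standard-library Python script does the two things mentioned above for a batch of samples: it computes Shannon entropy per PE section, and it validates the DOS, COFF and section headers first, so a file with a corrupt header is moved into a separate folder instead of aborting the whole run. The 7.0 bits-per-byte "probably packed" threshold, the minimal PE images in `SAMPLES` and the file names are all constructed assumptions for the demo, not values from the book.

```python
"""Batch triage of PE samples: per-section Shannon entropy, plus a header
sanity check that moves corrupt files aside instead of crashing the scan.
Standard library only; the sample images below are constructed for the demo."""
import math
import shutil
import struct
from collections import Counter
from pathlib import Path

HIGH_ENTROPY = 7.0  # assumed threshold for "probably packed or encrypted"


class CorruptPE(ValueError):
    """Raised when DOS/COFF/section headers do not fit inside the file."""


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant run, 8.0 for a uniform one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_sections(data: bytes):
    """Return [(name, raw_bytes)] for each section, or raise CorruptPE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise CorruptPE("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise CorruptPE("PE signature / file header missing or truncated")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size
    if nsect == 0 or table + 40 * nsect > len(data):
        raise CorruptPE(f"section table ({nsect} entries) runs past end of file")
    sections = []
    for i in range(nsect):
        # IMAGE_SECTION_HEADER is 40 bytes; we only need name, raw size and raw offset
        name, _, _, raw_size, raw_ptr, _, _, _, _, _ = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + 40 * i)
        if raw_ptr + raw_size > len(data):
            raise CorruptPE(f"section {i} raw data lies outside the file")
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"),
                         data[raw_ptr:raw_ptr + raw_size]))
    return sections


def scan_bytes(data: bytes) -> dict:
    """Classify one sample: 'corrupt' with a reason, or 'ok' with entropy figures."""
    try:
        sections = parse_sections(data)
    except CorruptPE as exc:
        return {"status": "corrupt", "reason": str(exc)}
    per_section = [(name, round(shannon_entropy(raw), 3), len(raw)) for name, raw in sections]
    return {
        "status": "ok",
        "sections": per_section,
        "file_entropy": round(shannon_entropy(data), 3),
        "packed_suspect": any(ent > HIGH_ENTROPY for _, ent, _ in per_section),
    }


def sort_sample(path: Path, corrupt_dir: Path) -> dict:
    """Scan one file; if its header is corrupt, move it to corrupt_dir and carry on."""
    result = scan_bytes(path.read_bytes())
    if result["status"] == "corrupt":
        corrupt_dir.mkdir(parents=True, exist_ok=True)
        shutil.move(str(path), str(corrupt_dir / path.name))
    return result


def build_pe(sections, e_lfanew=0x40) -> bytes:
    """Constructed minimal PE image (not a runnable binary) for the demo."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    raw_off = e_lfanew + 24 + 40 * len(sections)
    table, blob = b"", b""
    for name, raw in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(raw), 0x1000,
                             len(raw), raw_off + len(blob), 0, 0, 0, 0, 0x60000020)
        blob += raw
    return dos + coff + table + blob


# Constructed samples: two well-formed images and two with corrupt headers.
SAMPLES = {
    "plain.exe": build_pe([(b".text", b"\x90\xc3" * 32), (b".data", b"AAAA" * 16)]),
    "packed.exe": build_pe([(b"UPX0", b"\0" * 16), (b"UPX1", bytes(range(256)))]),
    "truncated.exe": build_pe([(b".text", b"\x90" * 32)])[:70],  # cut inside the header
    "bad_ptr.exe": b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0"
    + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0)
    + struct.pack("<8sIIIIIIHHI", b".text", 0x100, 0x1000, 0x100, 0x8000, 0, 0, 0, 0, 0),
}

if __name__ == "__main__":
    import tempfile
    work = Path(tempfile.mkdtemp())
    for name, blob in SAMPLES.items():
        (work / name).write_bytes(blob)
    for name in SAMPLES:
        print(name, sort_sample(work / name, work / "corrupt"))
    print("moved aside:", sorted(p.name for p in (work / "corrupt").iterdir()))
```

The point of catching `CorruptPE` per file rather than letting the parser raise is exactly the workflow described in the post: on a 30,000-sample corpus one bad header should land in the `corrupt` folder for later manual inspection while the batch keeps going. A full parser such as pefile would replace `parse_sections` in practice; the hand-rolled checks here just show what "corrupt header" concretely means (bad `e_lfanew`, section table or raw data pointers outside the file).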

(F-Prot AV has a different line of reporting... so)

I have yet to commit my customized code; I'll possibly put it on GitHub later on.
