anpa1200/Malware_analysis
Malware Analysis Tools

Production-ready toolkit for initial triage and string analysis of suspicious binaries and files. Use in a safe, isolated lab only.

Tools

| Tool | Language | Description |
|------|----------|-------------|
| String Analyser | C++ | Extracts printable strings from a binary and classifies them (Windows APIs, functions, URLs, IPs, paths, DLLs, filenames, shell commands). Outputs a structured report. |
| File Header Analyzer | PowerShell | Identifies file type by magic bytes, computes MD5/SHA1/SHA256, and for PE files reports e_lfanew and compilation timestamp. |
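To illustrate the header walk the File Header Analyzer performs (MZ magic, then e_lfanew at offset 0x3C, then the "PE\0\0" signature and the COFF header's TimeDateStamp), here is an added example written in C++ to match the String Analyser; it is not the repository's script, and the sample bytes are constructed. It also shows the bounds checks a triage tool needs so that a truncated or deliberately corrupted e_lfanew cannot make it read outside the file.

```cpp
#include <cstdint>
#include <cstddef>
#include <vector>

// Fields recovered from a PE header (added example, not the repo's PowerShell script).
struct PeHeaderInfo {
    bool ok = false;            // false when the bytes are not a well-formed PE image
    uint32_t e_lfanew = 0;      // IMAGE_DOS_HEADER.e_lfanew: file offset of the "PE\0\0" signature
    uint16_t machine = 0;       // IMAGE_FILE_HEADER.Machine (0x8664 = x64, 0x14c = i386)
    uint32_t timeDateStamp = 0; // IMAGE_FILE_HEADER.TimeDateStamp, seconds since 1970-01-01 UTC
};

// Little-endian reads with bounds checks: a truncated or hostile sample must never read past the buffer.
static bool rd16(const std::vector<uint8_t>& b, size_t off, uint16_t& out) {
    if (off > b.size() || b.size() - off < 2) return false;
    out = static_cast<uint16_t>(b[off] | (b[off + 1] << 8));
    return true;
}
static bool rd32(const std::vector<uint8_t>& b, size_t off, uint32_t& out) {
    if (off > b.size() || b.size() - off < 4) return false;
    out = static_cast<uint32_t>(b[off]) | (static_cast<uint32_t>(b[off + 1]) << 8) |
          (static_cast<uint32_t>(b[off + 2]) << 16) | (static_cast<uint32_t>(b[off + 3]) << 24);
    return true;
}

// Walks MZ magic -> e_lfanew (at offset 0x3C) -> "PE\0\0" -> COFF header.
PeHeaderInfo parsePeHeader(const std::vector<uint8_t>& b) {
    PeHeaderInfo info;
    uint32_t lfanew = 0, sig = 0;
    if (b.size() < 2 || b[0] != 'M' || b[1] != 'Z') return info;  // no MZ magic: not a PE file
    if (!rd32(b, 0x3C, lfanew)) return info;                       // DOS header truncated
    if (!rd32(b, lfanew, sig) || sig != 0x00004550u) return info;  // signature missing or e_lfanew out of range
    if (!rd16(b, lfanew + 4u, info.machine)) return info;          // COFF header truncated
    if (!rd32(b, lfanew + 8u, info.timeDateStamp)) return info;
    info.e_lfanew = lfanew;
    info.ok = true;
    return info;
}

// Constructed sample: 0x80-byte DOS header/stub, then PE signature and a 20-byte COFF header.
// With corruptLfanew=true the e_lfanew field points far past the end of the file instead.
std::vector<uint8_t> sampleMinimalPe(bool corruptLfanew = false) {
    std::vector<uint8_t> b(0x80 + 24, 0);
    b[0] = 'M'; b[1] = 'Z';
    b[0x3C] = 0x80;                                                  // e_lfanew = 0x80
    if (corruptLfanew) b[0x3D] = 0x10;                               // e_lfanew = 0x1080
    b[0x80] = 'P'; b[0x81] = 'E';                                    // "PE\0\0"
    b[0x84] = 0x64; b[0x85] = 0x86;                                  // Machine = 0x8664 (x64)
    b[0x88] = 0x00; b[0x89] = 0x8D; b[0x8A] = 0xE3; b[0x8B] = 0x5F;  // TimeDateStamp = 0x5FE38D00
    return b;
}
```

The recovered TimeDateStamp is the compilation timestamp the script reports; note that it is attacker-controlled data and can be zeroed or back-dated, so treat it as a hint, not evidence.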

Requirements

  • String Analyser: C++11 compiler (GCC, Clang, or MSVC); no external dependencies.
  • File Header Analyzer: PowerShell 5.1+ or PowerShell Core (Windows or cross-platform).

Build

String Analyser (native and Windows .exe)

Using Make (recommended):

# Build for current OS (Linux/macOS → binary, Windows with MinGW → .exe)
make all
# Binary: build/bin/string_analyser (or string_analyser.exe on Windows)

Cross-compile Windows .exe from Linux:

# Requires: mingw-w64 (e.g. apt install mingw-w64)
make win64
# Output: release/windows/string_analyser.exe

Using CMake:

mkdir build && cd build
cmake .. -DCMAKE_BUILD_TYPE=Release
cmake --build .
# Binary: build/bin/string_analyser (or string_analyser.exe on Windows)

Release layout

Pre-built binaries can be placed under:

  • release/windows/string_analyser.exe
  • release/linux/string_analyser

See release/README.md for build commands.

Usage

String Analyser

CLI (automation-friendly):

./string_analyser -i <suspicious_file> -o <report.txt> [-m min_length]
./string_analyser --help
./string_analyser --version

Interactive:

./string_analyser --interactive

Example:

./string_analyser -i sample.exe -o report.txt -m 5

File Header Analyzer

Interactive:

.\scripts\file_header_analyzer.ps1
# Then enter file path when prompted.

With parameters:

.\scripts\file_header_analyzer.ps1 -Path "C:\path\to\file"
.\scripts\file_header_analyzer.ps1 -Path "C:\path\to\file" -Json    # JSON output
.\scripts\file_header_analyzer.ps1 -Path "C:\path\to\file" -NoPrompt

Project layout

Malware_analysis/
├── CMakeLists.txt
├── Makefile
├── README.md
├── LICENSE
├── .gitignore
├── src/
│   └── string_analyser.cpp
├── scripts/
│   └── file_header_analyzer.ps1
└── release/
    ├── README.md
    ├── windows/          # string_analyser.exe
    └── linux/            # string_analyser

License

GPL v3. See LICENSE.

Author

Andrey Pautov — [email protected]
