{"id":2902,"date":"2016-09-08T08:41:44","date_gmt":"2016-09-08T08:41:44","guid":{"rendered":"http:\/\/www.pir8geek.com\/?p=2902"},"modified":"2016-09-08T08:41:44","modified_gmt":"2016-09-08T08:41:44","slug":"ssma-simple-static-malware-analyzer","status":"publish","type":"post","link":"https:\/\/www.jameseduard.com\/?p=2902","title":{"rendered":"SSMA &#8211; Simple Static Malware Analyzer"},"content":{"rendered":"<p><strong>SSMA<\/strong> is a simple malware analyzer written in Python 3.<br \/>\n<strong>Features: <\/strong><\/p>\n<ul>\n<li>Searches for websites, e-mail addresses, and IP addresses in the strings of the file.<\/li>\n<li>Looks for Windows functions commonly used by malware.<\/li>\n<li>Gets results from VirusTotal and\/or uploads files.<\/li>\n<li>Detects malware based on YARA rules &#8211; https:\/\/virustotal.github.io\/yara\/<\/li>\n<li>Detects well-known software packers.<\/li>\n<li>Detects the existence of cryptographic algorithms.<\/li>\n<li>Detects anti-debug and anti-virtualization techniques used by malware to evade automated analysis.<\/li>\n<li>Checks whether documents have been crafted to leverage malicious code.<\/li>\n<\/ul>\n<p><strong>Usage:<\/strong><\/p>\n<pre>git clone https:\/\/github.com\/secrary\/SSMA\ncd SSMA\nsudo pip3 install -r requirements.txt\n<\/pre>\n<pre>python3 ssma.py -h\n<\/pre>\n<p>Additional: ssdeep &#8211; <a href=\"https:\/\/python-ssdeep.readthedocs.io\/en\/latest\/installation.html\">Installation<\/a><br \/>\nMore: Simple Static Malware Analyzer<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/github.com\/secrary\/SSMA\">Download SSMA from the GitHub repo<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>SSMA is a simple malware analyzer written in Python 3. Features: Searches for websites, e-mail addresses, and IP addresses in the strings of the file. Looks for Windows functions commonly used by malware. Gets results from VirusTotal and\/or uploads files. 
Detects malware based on YARA rules &#8211; https:\/\/virustotal.github.io\/yara\/ Detects well-known software packers. Detects the existence of cryptographic<\/p>\n","protected":false},"author":1,"featured_media":2903,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[554],"tags":[719,720,721],"class_list":["post-2902","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-malware","tag-detection","tag-malware","tag-simple-static-malware-analyzer"],"_links":{"self":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts\/2902","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2902"}],"version-history":[{"count":0,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts\/2902\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2902"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2902"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2902"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}