Top 8 C malware-analysis Projects
-
pafish
Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do.
Project mention: Is there still a way to counter virtual machine detection by popular anti cheat? | /r/VFIO | 2023-12-05
Pafish is what you are asking for, but as u/ForceBlade wrote, you cannot win this game.
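As an added example (not Pafish's own code), here are two host-independent checks of the kind Pafish runs: matching the NIC's MAC OUI against the prefixes virtual adapters are assigned by default, and reading the hypervisor-present bit from CPUID leaf 1. The OUI table and the sample MACs are constructed for the example, the CPUID check is compiled only on x86, and, as the thread above notes, both are trivially defeated (a MAC can be changed and a hypervisor can hide the bit), so a clear result proves nothing.

```c
/* Added example, not Pafish's own code: two VM-detection heuristics of the
 * kind Pafish runs, written to build on any host. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* OUIs (first three MAC bytes) that virtual NICs are assigned by default.
 * Short table, constructed for the example; a real tool carries more. */
static const struct { const char *oui; const char *vendor; } vm_ouis[] = {
    { "00:05:69", "VMware" }, { "00:0C:29", "VMware" },
    { "00:1C:14", "VMware" }, { "00:50:56", "VMware" },
    { "08:00:27", "VirtualBox" },
    { "00:15:5D", "Hyper-V" },
    { "00:16:3E", "Xen" },
    { "52:54:00", "QEMU/KVM" },
};

/* Normalise "00-0c-29-aa-bb-cc" or "000c29aabbcc" to "00:0C:29:AA:BB:CC".
 * Returns 1 on success, 0 if the input is not a 12-hex-digit MAC. */
static int normalize_mac(const char *in, char out[18]) {
    int n = 0;
    for (const char *p = in; *p; p++) {
        if (*p == ':' || *p == '-') continue;
        if (!isxdigit((unsigned char)*p) || n >= 12) return 0;
        if (n && n % 2 == 0) out[n + n / 2 - 1] = ':';
        out[n + n / 2] = (char)toupper((unsigned char)*p);
        n++;
    }
    if (n != 12) return 0;
    out[17] = '\0';
    return 1;
}

/* Vendor name if the MAC's OUI belongs to a known virtual NIC, else NULL. */
const char *vm_mac_vendor(const char *mac) {
    char norm[18];
    if (!normalize_mac(mac, norm)) return NULL;
    for (size_t i = 0; i < sizeof vm_ouis / sizeof vm_ouis[0]; i++)
        if (strncmp(norm, vm_ouis[i].oui, 8) == 0) return vm_ouis[i].vendor;
    return NULL;
}

/* CPUID leaf 1, ECX bit 31: set when a hypervisor reports itself.
 * Returns 1 if set, 0 if clear, -1 when not on x86. A hypervisor can hide
 * this bit from the guest, so 0 does not prove bare metal. */
int cpuid_hypervisor_bit(void) {
#if defined(__x86_64__) || defined(__i386__)
    unsigned int a, b, c, d;
    if (!__get_cpuid(1, &a, &b, &c, &d)) return -1;
    return (int)((c >> 31) & 1u);
#else
    return -1;
#endif
}

int main(void) {
    /* constructed sample MACs: VMware, VirtualBox, and a physical NIC */
    const char *samples[] = { "00:0c:29:12:34:56", "08-00-27-de-ad-be", "3c:22:fb:01:02:03" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *v = vm_mac_vendor(samples[i]);
        printf("%s -> %s\n", samples[i], v ? v : "no known VM vendor");
    }
    printf("cpuid hypervisor bit: %d\n", cpuid_hypervisor_bit());
    return 0;
}
```

On a real system the MAC would come from the adapter enumeration API rather than a string literal; the classifier is deliberately separated from that so it can be tested with constructed input.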
-
HyperDbg
Project mention: Reverse Engineering DOS Software as If It Were 1990 | news.ycombinator.com | 2024-02-02
https://hyperdbg.org and m1n1 (Apple Silicon) spring to mind as modern supervisor/hypervisor debuggers.
There's nothing modern I'm aware of that lets you press a key combination to get into a hypervisor debug UI like softICE was known for, though. It's all shifted to host-and-target debugging. You'd use a "normal" debugger on one machine (lldb/gdb, WinDbg, IDA, etc.) and either supervised host-to-target connection (network-to-kernel/hypervisor on x86, OCD like JTAG/SWD/CoreSight on embedded) or emulation (for pretty much everything but device driver development).
-
hollows_hunter
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
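As an added example (not hollows_hunter's own code), this is the core of the "in-memory patch" and "hook" checks the description lists: diff a code section as mapped in memory against the same bytes read from the module on disk, report each run of differing bytes, and decode a 5-byte `E9 rel32` inline jump when one sits at the start of a run. The 32-byte section image, the load address `SECTION_BASE` and the two modifications are constructed for the example; a real scanner obtains both images from the process and the file.

```c
/* Added example, not hollows_hunter's own code: detect in-memory patches by
 * diffing a code section as mapped in memory against the same bytes from the
 * module on disk, then decode any `E9 rel32` inline hook at a patch start. */
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    size_t offset;       /* start of the differing run within the section */
    size_t length;       /* number of consecutive patched bytes */
    uint64_t jmp_target; /* absolute target if the run starts with E9 rel32, else 0 */
} patch_t;

/* Decode a 5-byte `jmp rel32` (opcode E9) at mem[off]. The target is the
 * address of the next instruction plus the signed 32-bit displacement.
 * Returns 0 if there is no E9 there or the bytes run off the section. */
uint64_t decode_jmp_rel32(const uint8_t *mem, size_t len, size_t off, uint64_t section_base) {
    if (off > len || len - off < 5 || mem[off] != 0xE9) return 0;
    uint32_t raw = (uint32_t)mem[off + 1] | ((uint32_t)mem[off + 2] << 8) |
                   ((uint32_t)mem[off + 3] << 16) | ((uint32_t)mem[off + 4] << 24);
    int32_t rel = (int32_t)raw;
    return section_base + off + 5 + (uint64_t)(int64_t)rel;
}

/* Each maximal run of bytes where disk and memory disagree is one patch.
 * Writes up to `max` entries into `out`; returns the total number of runs
 * found, so a return value above `max` means the caller's buffer was too small.
 * Caveat: a hook whose displacement happens to share a byte with the original
 * code splits into two runs; a production scanner merges near-adjacent runs. */
size_t find_patches(const uint8_t *disk, const uint8_t *mem, size_t len,
                    uint64_t section_base, patch_t *out, size_t max) {
    size_t n = 0, i = 0;
    while (i < len) {
        if (disk[i] == mem[i]) { i++; continue; }
        size_t start = i;
        while (i < len && disk[i] != mem[i]) i++;
        if (n < max) {
            out[n].offset = start;
            out[n].length = i - start;
            out[n].jmp_target = decode_jmp_rel32(mem, len, start, section_base);
        }
        n++;
    }
    return n;
}

/* Constructed 32-byte .text image: a small x86-64 function followed by padding. */
static const uint8_t disk_img[32] = {
    0x55, 0x48, 0x89, 0xE5, 0x48, 0x83, 0xEC, 0x10,   /* push rbp; mov rbp,rsp; sub rsp,0x10 */
    0x48, 0x89, 0x7D, 0xF8, 0x8B, 0x45, 0xF8, 0x83,   /* mov [rbp-8],rdi; mov eax,[rbp-8]; add eax,... */
    0xC0, 0x01, 0xC9, 0xC3, 0x90, 0x90, 0x90, 0x90,   /* ...1; leave; ret; nop padding */
    0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
};
#define SECTION_BASE 0x7ff600001000ULL /* assumed load address of the section */

/* Build the "in-memory" copy with two constructed modifications and scan it. */
size_t scan_constructed_section(patch_t *out, size_t max) {
    uint8_t mem_img[32];
    memcpy(mem_img, disk_img, sizeof mem_img);
    const uint8_t hook[5] = { 0xE9, 0xFB, 0x0F, 0x00, 0x00 }; /* jmp +0x0FFB over the prologue */
    memcpy(mem_img, hook, sizeof hook);
    mem_img[17] = 0x02;                                       /* add eax,1 -> add eax,2 */
    return find_patches(disk_img, mem_img, sizeof mem_img, SECTION_BASE, out, max);
}

int main(void) {
    patch_t found[8];
    size_t n = scan_constructed_section(found, 8);
    for (size_t i = 0; i < n && i < 8; i++) {
        printf("patch at +0x%zx, %zu byte(s)", found[i].offset, found[i].length);
        if (found[i].jmp_target) printf(", inline hook -> 0x%" PRIx64, found[i].jmp_target);
        printf("\n");
    }
    return 0;
}
```

The comparison assumes relocations have already been applied to the on-disk copy (or that the section contains none); otherwise every relocated pointer shows up as a false patch, which is why real scanners normalise relocations before diffing.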
-
dumpulator
An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).
-
xzre
Project mention: Deep Dive into XZ Utils Backdoor – Columbia Engineering Guest Lecture [video] | news.ycombinator.com | 2024-04-30
Worth a watch. There's also this GitHub where there's reverse engineering going on: https://github.com/smx-smx/xzre
We now know the answer to the question of "who would win?"
1) A years-long nation-state-backed hacking effort to infiltrate a software project and compromise most servers in the Western world
or
2) A German's obsession with efficiency and precision in engineering
-
hem-hashes
Hiew External Module (HEM) to calculate CRC-32, MD5, SHA-1, and SHA-256 hashes of a given file/block
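As an added example (not the hem-hashes module itself), this computes one of the hashes listed, CRC-32 (the reflected IEEE 802.3 variant with polynomial 0xEDB88320 that zlib and PKZIP use), over a selected block of a buffer, with the bounds check a block-hashing tool needs so that an offset or length past the end cannot read out of bounds. The sample input is the standard CRC check string, constructed for the example; a Hiew module would receive the file bytes and block range from the editor instead.

```c
/* Added example, not the hem-hashes module itself: table-driven CRC-32
 * (IEEE 802.3, reflected, polynomial 0xEDB88320) over a chosen block of a
 * buffer, with the bounds check a block-hashing tool needs. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

static uint32_t crc_table[256];
static int crc_table_ready;

static void crc32_build_table(void) {
    for (uint32_t i = 0; i < 256; i++) {
        uint32_t c = i;
        for (int k = 0; k < 8; k++)
            c = (c & 1u) ? (0xEDB88320u ^ (c >> 1)) : (c >> 1);
        crc_table[i] = c;
    }
    crc_table_ready = 1;
}

/* Incremental CRC-32: start with crc = 0, feed chunks in order; the return
 * value of one call is the input to the next (same convention as zlib's crc32()). */
uint32_t crc32_update(uint32_t crc, const uint8_t *buf, size_t len) {
    if (!crc_table_ready) crc32_build_table();
    crc = ~crc;
    for (size_t i = 0; i < len; i++)
        crc = crc_table[(crc ^ buf[i]) & 0xFFu] ^ (crc >> 8);
    return ~crc;
}

/* CRC-32 of data[offset, offset+block_len). Sets *ok to 0 and returns 0 if
 * the block does not lie inside the buffer; the check is written so that
 * offset + block_len cannot overflow size_t. */
uint32_t crc32_block(const uint8_t *data, size_t data_len,
                     size_t offset, size_t block_len, int *ok) {
    if (offset > data_len || block_len > data_len - offset) {
        *ok = 0;
        return 0;
    }
    *ok = 1;
    return crc32_update(0, data + offset, block_len);
}

int main(void) {
    /* constructed sample: the standard CRC check string */
    const uint8_t sample[] = "123456789";
    int ok;
    uint32_t whole = crc32_block(sample, 9, 0, 9, &ok);
    printf("crc32(\"123456789\") = %08X (check value CBF43926)\n", whole);
    uint32_t part = crc32_block(sample, 9, 2, 3, &ok);
    printf("crc32(\"345\")       = %08X\n", part);
    crc32_block(sample, 9, 8, 5, &ok);
    printf("block past end rejected: %s\n", ok ? "no" : "yes");
    return 0;
}
```

CRC-32 is an integrity check, not a cryptographic hash: it is linear, so an attacker can adjust a file to any desired CRC. For matching samples against threat-intel feeds use the SHA-256 the module also offers; CRC-32 is there because PE resources, ZIP entries and some malware config formats carry it.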
C malware-analysis discussion
C malware-analysis related posts
- Deep Dive into XZ Utils Backdoor – Columbia Engineering Guest Lecture [video]
- Detect hollow code injection in Windows
- Is it possible a spyware can hide its processes in Task Manager details and in the Services tab?
- Get "File Version" from an exe file stored on Linux
- Hollows Hunter – Scans all running processes
- rabin2 for scraping ELF to JSON
Index
What are some of the best open-source malware-analysis projects in C? This list will help you:
| # | Project | Stars |
|---|---|---|
| 1 | radare2 | 20,275 |
| 2 | pafish | 3,311 |
| 3 | HyperDbg | 2,827 |
| 4 | hollows_hunter | 1,985 |
| 5 | dumpulator | 708 |
| 6 | mal_unpack | 649 |
| 7 | xzre | 90 |
| 8 | hem-hashes | 36 |