# Malware

## Tools

### Detect It Easy

* [Detect It Easy (DIE)](https://github.com/horsicq/Detect-It-Easy) identifies the file type, compiler and packer of a sample

* Analyze signatures (capa's capability rules) with [capa](https://github.com/mandiant/capa) via

  ```sh
  capa <binary>
  ```

* Unpack UPX-packed samples with `upx -d <binary>`

* Re-analyze after deleting capa's cached vivisect workspace (`del <binary>.viv`), otherwise the stale analysis of the packed file may be reused

### Strings

Tools for string searching and deobfuscation:

* [FLOSS](https://github.com/mandiant/flare-floss/) (recovers obfuscated and stack strings that plain `strings` misses)

### Lab Setup

* [REMnux](https://github.com/REMnux)
* [FlareVM for Windows](https://github.com/mandiant/flare-vm)

### Fuzzy Hashing

Context-triggered piecewise hashing splits the file into pieces at content-dependent boundaries and hashes each piece separately, so the result describes partial binaries and still matches when only part of the file changed (e.g. a patched or repacked variant), unlike a cryptographic hash of the whole file.  
This can be done via [ssdeep](https://ssdeep-project.github.io/ssdeep/index.html), optionally in recursive mode (`-r`) to hash a whole directory of samples.

## Resources

* [MalAPI.io](https://malapi.io) provides an overview of Windows API functions commonly used by malware and what they are used for
* [Extracting obfuscated strings](https://www.mandiant.com/resources/blog/automatically-extracting-obfuscated-strings) (Mandiant blog post behind FLOSS)
* [MalwareBazaar by abuse.ch](https://bazaar.abuse.ch) for sample sharing
* [Malware Behavior Catalog](https://github.com/MBCProject/mbc-markdown) for describing observed behaviours