Maldrolyzer

#Security Testing #Malware Analysis

Python 3 tool for parsing Yara rules; under ongoing development.

Simple Framework for Extracting Actionable Data

This is a simple framework designed to extract "actionable" data from Android malware, including command and control servers (C&Cs), phone numbers, and more.

Installation Instructions

Before you begin using this project, you need to install the following packages:

1. Androguard: clone the repository with `git clone https://github.com/androguard/androguard`, navigate into the directory with `cd androguard`, and then run `sudo python setup.py install`.
2. PyCrypto: install it with `easy_install pycrypto`.
3. pyelftools: install it with `easy_install pyelftools`.
4. yara: finally, install it with `easy_install yara`.

The project has a couple of directories for static analysis and output processing

The project contains a couple of directories that serve as locations for your static analysis or output processing:

plugins - This is where the code responsible for malware identification and data extraction resides. Every class must inherit from the Plugin class found in the templates. The method 'recon' identifies the malware; place all necessary code here to ensure effective data extraction. The method 'extract' performs the standard extraction process. There is no specific format for the extracted data; however, it is advisable to store it in a Python dictionary, so that output processors can read the data in a consistent manner.

Processing - This is where you place classes that inherit from the OutputProcessor class. They are invoked after the data extraction process and retrieve the extracted information. The process method takes
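A minimal plugin and output processor in the shape the README describes, as an added example that is not part of Maldrolyzer: the Plugin and OutputProcessor base classes are hypothetical stand-ins (the real ones live in the project's templates, whose signatures the page does not give), the sample strings are constructed, and the analysis input is a plain list of strings rather than an Androguard object. It shows the recon/extract split, the dict convention for extracted data, and a processor consuming that dict.

```python
import re

# Hypothetical stand-ins for the framework's Plugin and OutputProcessor base
# classes (the real ones live in the project's templates, whose signatures
# this page does not give).
class Plugin:
    def recon(self, sample): raise NotImplementedError
    def extract(self, sample): raise NotImplementedError

class OutputProcessor:
    def process(self, data): raise NotImplementedError

# Constructed sample: strings as they might be pulled from an APK's dex.
SAMPLE_STRINGS = [
    "Lcom/example/evil/SmsService;",
    "http://c2.example.invalid/gate.php",
    "+15555550123",
]
C2_RE = re.compile(r"https?://[\w.\-]+(?:/[\w./\-]*)?")
PHONE_RE = re.compile(r"\+?\d{10,15}")
class ExampleSmsStealer(Plugin):
    """recon() spots a (constructed) family marker; extract() pulls C&Cs and phones."""
    MARKER = "Lcom/example/evil/SmsService;"
    def recon(self, strings):
        return self.MARKER in strings
    def extract(self, strings):
        # Page convention: return a plain dict so every processor sees the same shape.
        return {
            "family": "example_sms_stealer",
            "c2": sorted({m for s in strings for m in C2_RE.findall(s)}),
            "phones": sorted({m for s in strings for m in PHONE_RE.findall(s)}),
        }

class IocLinesProcessor(OutputProcessor):
    def process(self, data):
        lines = [f"family\t{data['family']}"]
        lines += [f"c2\t{u}" for u in data.get("c2", [])]
        lines += [f"phone\t{p}" for p in data.get("phones", [])]
        return lines

def run(strings, plugins, processors):
    # Recon first; only a positive identification triggers extract() and processing.
    results = []
    for plugin in plugins:
        if plugin.recon(strings):
            data = plugin.extract(strings)
            for proc in processors:
                results.extend(proc.process(data))
    return results
```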