
Malware Analysis

Here you'll find various bits and pieces related to the malware analysis process.

JavaScript deobfuscator
We've been experimenting here with mass data analysis and rapid JavaScript deobfuscation techniques. Source code and experimental bits and pieces:

Not very innovative; consider this more of a case study.

C-ICAP server module for yara pattern matcher

You'll need c-icap server (0.1.1 is known to work with it) and the c-icap-modules source tree. Unpack the file (attached to this page). Build yara. Build the c-icap server, then build the c-icap modules. Enable the yara module in the c-icap file. Contact us in case of problems, patch merges, etc. You can use off-the-shelf rules (e.g. http://jsunpack.jeek.org/dec/current_rules) or create your own.

The github repository for c-icap yara module is: https://github.com/fygrave/c_icap_yara
Fyodor Bom,
24 Oct 2010, 09:13