Here you'll find various bits and pieces related to the malware analysis process.

Javascript deobfuscator

We've been experimenting here with mass data analysis and rapid JavaScript deobfuscation techniques. Source code and experimental bits and pieces: http://github.com/fygrave/deob

It is not very innovative; consider it more of a case study.

C-ICAP server module for yara pattern matcher

You'll need the C-ICAP server (0.1.1 is known to work with it) and the c-icap-modules source tree. Then:

1. Unpack the file (attached to this page).
2. Build yara.
3. Build the c-icap server, then build the c-icap modules.
4. Enable the yara module in the c-icap configuration file.

Contact us in case of problems, patch merges, etc.

You can use off-the-shelf rules (e.g. http://jsunpack.jeek.org/dec/current_rules) or create your own.

The github repository for the c-icap yara module is: https://github.com/fygrave/c_icap_yara