The Malware Analysis Tool is a Python-based tool that performs static and dynamic analysis on Windows PE files. It leverages the capabilities of pefile
and frida
to extract information about the PE file structure, perform dynamic analysis using hooking techniques, and extract printable strings from the file.
- Static analysis: Extracts information about the PE file structure, including image base, entry point, number of sections, and imported functions.
- Dynamic analysis: Uses
frida
to perform dynamic analysis by hooking function calls, memory access, and API calls, and traces execution flow using Frida's Stalker module. - String extraction: Extracts printable strings from the PE file.
- Clone the repository:
git clone https://github.com/Kairos-T/Malware-Analysis-Toolkit
- Install the required packages:
pip install -r requirements.txt
- Run the malware analysis tool:
python malware_analysis_tool.py <path_to_pe_file>
Replace <path_to_pe_file>
with the path to the PE file you want to analyse.
Contributions are welcome! If you have any suggestions or encounter any bugs, please open an issue or submit a pull request.