Malana is a Python module intended to help me with static analysis of files, usually malware.

Malana was tested with Python version 3.7.3.
Malana depends on:

- `pefile`: easily installed via pip: `pip3 install pefile`.
- `pyimpfuzzy`: see the `ssdeep` installation instructions below. Then `pip3 install pyimpfuzzy`, or `pyimpfuzzy-windows` if running Windows.
- `ssdeep`: some libraries must be installed before installing the module itself. On Linux systems, you may need to install `libfuzzy-dev` before `pip3 install ssdeep`. On Windows, download the ssdeep Python wrapper for Windows, then run `setup.py install`.
- `vt`: also easily installed via pip: `pip3 install vt-py`.
Malana currently consists of the following "core" scripts, indicated by the `_MA` suffix:

- `get_hashes_MA.py`
- `get_pe_exports_MA.py`
- `get_pe_imports_MA.py`
- `vt_scout_MA.py`
- `vt_submit_MA.py`
All of them share the same usage:

```
<script name> [-h] [-o csvoutput] filename [filename ...]
```

Just invoke the script name and provide at least one file name; the script prints the requested information as a Python dictionary. If needed, use the `-o csvoutput` option to also save the output in CSV format.
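As an added illustration of that shared command line (this is example code written for this README, not the project's own `get_hashes_MA.py`, whose internals and use of `pyimpfuzzy`/`ssdeep` are not shown here), the following script accepts `-h`, `-o csvoutput` and one or more file names, prints a dictionary of MD5/SHA-1/SHA-256 digests, and optionally writes the same data as CSV. It uses only the standard library and keeps reading the remaining files when one sample is unreadable.

```python
"""Added example in the style of the Malana core scripts (not the project's
own code): hash files with the shared [-h] [-o csvoutput] filename ... CLI."""
import argparse
import csv
import hashlib
import io
import sys

HASH_ALGOS = ("md5", "sha1", "sha256")

def hash_stream(fh, chunk_size=1 << 20) -> dict:
    """Hash a binary stream in chunks so large samples need not fit in memory."""
    hashers = {algo: hashlib.new(algo) for algo in HASH_ALGOS}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}

def hash_bytes(data: bytes) -> dict:  # same digests for an in-memory buffer
    return hash_stream(io.BytesIO(data))

def results_to_csv(results: dict) -> str:
    """Render {filename: {algo: digest}} as CSV text with a header row."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["filename", *HASH_ALGOS])
    for name, digests in results.items():
        writer.writerow([name, *(digests[a] for a in HASH_ALGOS)])
    return buf.getvalue()

def main(argv=None) -> int:
    parser = argparse.ArgumentParser(description="Hash one or more files.")
    parser.add_argument("-o", metavar="csvoutput", help="also save results as CSV")
    parser.add_argument("filename", nargs="+")
    args = parser.parse_args(argv)
    results = {}
    for name in args.filename:
        try:
            with open(name, "rb") as fh:
                results[name] = hash_stream(fh)
        except OSError as exc:  # unreadable sample: report it and keep going
            print(f"{name}: {exc}", file=sys.stderr)
    print(results)  # dictionary output, like the core scripts
    if args.o:
        with open(args.o, "w", newline="") as fh:
            fh.write(results_to_csv(results))
    return 0 if results else 1

if __name__ == "__main__":
    sys.exit(main())
```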
Some scripts use the VirusTotal API. To use them, update the file `api_keys.py` and replace the dummy API keys with your own keys.
The `search` function allows the use of other functions in a modular fashion. The file `example.py` shows how this can be achieved.