Fuzzy Hash calculated from import API of PE files
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
impfuzzy_for_Neo4j
impfuzzy_for_Volatility
pyimpfuzzy-windows
pyimpfuzzy
README.md

README.md

impfuzzy

Impfuzzy is Fuzzy Hash calculated from import API of PE files

pyimpfuzzy

Python module for comparing the impfuzzy

More details are described in the following documents:
https://www.jpcert.or.jp/magazine/acreport-impfuzzy.html (Japanese)
http://blog.jpcert.or.jp/2016/05/classifying-mal-a988.html (English)

pyimpfuzzy-windows

Python module comparing the impfuzzy for Windows

impfuzzy for Volatility

Volatility plugin for comparing the impfuzzy and imphash

More details are described in the following documents:
https://www.jpcert.or.jp/magazine/acreport-impfuzzy_volatility.html (Japanese)
http://blog.jpcert.or.jp/2016/12/a-new-tool-to-d-d6bc.html (English)

impfuzzy for Neo4j

Python script for clustering malware based on fuzzy hash and importing/visualizing the result using Neo4j

More details are described in the following documents:
https://www.jpcert.or.jp/magazine/acreport-impfuzzy_neo4.html (Japanese)
http://blog.jpcert.or.jp/2017/03/malware-clustering-using-impfuzzy-and-network-analysis---impfuzzy-for-neo4j-.html (English)

Other Tools or Frameworks

MISP: Malware Information Sharing Platform and Threat Sharing
CRITs: Collaborative Research Into Threats
MultiScanner: File Analysis Framework
ViruSign: Malware Research & Data Center, Virus Free Downloads