Skip to content
No description, website, or topics provided.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


Attempts to detect ransomware based on properties of of a binary.


Relies on the binary analysis framework angr. Follow the instructions on the official website.

How does it work?

This is still a work in progress, so this will be updated as more concrete versions are developed.

Attempts to detect cryptographic primitives using several different identifying properties. The following lists the properties that are planned to be implemented:

  • Per Gröbert, et al., cryptographic binaries have many loops and makes excessive use bitwise arithmetic.
  • Cryptographic API use.
  • Writing to many files.
  • Common ransom messages.
You can’t perform that action at this time.