es0/MalwareSimilarityGraph
MalwareSimilarityGraph

Performs shared code analysis on malware samples and outputs a graph.

USAGE:

usage: mal_sim_graph.py [-h] [--jaccard_index_threshold THRESHOLD]
                   target_directory output_dot_file

Find similarity between malware and graph it.

positional arguments:
  target_directory      Directory containing malware
  output_dot_file       Where to save the output graph DOT file

optional arguments:
  -h, --help            show this help message and exit
  --jaccard_index_threshold THRESHOLD, -j THRESHOLD
                        Threshold above which to create an 'edge' between
                        samples

OUTPUT (after conversion to png): [image: APT28 Malware samples]

How's it work?

  • Takes in a directory
  • Finds PE files
  • Extracts the Import Address Table from each sample (falls back to PE strings if a sample has no imports)
  • Calculates the Jaccard index for each pair of malware samples
  • Creates a .dot file (similarity graph) with an edge between every pair whose index is above the threshold
    • Convert .dot to png using:
      fdp -Tpng simgraph.dot -o simgraph.png
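The Jaccard and DOT steps of the pipeline above, as an added example that is not the project's own code: it assumes the import sets have already been extracted from the PE files (e.g. with pefile) and uses constructed sample data so it runs offline.

```python
"""Added example (not mal_sim_graph.py): pairwise Jaccard index over
import sets and emission of the similarity graph as DOT."""
from itertools import combinations


def jaccard_index(a: set, b: set) -> float:
    """|A ∩ B| / |A ∪ B|; two empty sets are treated as identical (1.0)."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def similarity_edges(samples: dict, threshold: float) -> list:
    """Return (name1, name2, score) for every pair whose Jaccard index is
    strictly above the threshold (the CLI's 'threshold above which')."""
    edges = []
    for (n1, s1), (n2, s2) in combinations(sorted(samples.items()), 2):
        score = jaccard_index(s1, s2)
        if score > threshold:
            edges.append((n1, n2, score))
    return edges


def to_dot(samples: dict, threshold: float) -> str:
    """Emit an undirected DOT graph. Every sample is declared as a node so
    samples with no similar peers still appear; edges carry the score."""
    lines = ["graph malware_similarity {"]
    for name in sorted(samples):
        lines.append(f'    "{name}";')
    for n1, n2, score in similarity_edges(samples, threshold):
        lines.append(f'    "{n1}" -- "{n2}" [label="{score:.2f}"];')
    lines.append("}")
    return "\n".join(lines)


# Constructed sample data: imported API names as an IAT-extraction step
# would produce them. Hypothetical file names, not real malware samples.
SAMPLES = {
    "a.exe": {"CreateFileA", "WriteFile", "CloseHandle", "WinExec"},
    "b.exe": {"CreateFileA", "WriteFile", "CloseHandle", "VirtualAlloc"},
    "c.exe": {"socket", "connect", "send", "recv"},
}

if __name__ == "__main__":
    # a.exe and b.exe share 3 of 5 distinct imports (0.60); c.exe shares none.
    print(to_dot(SAMPLES, threshold=0.5))
```

The printed DOT text can be written to a file and rendered with the fdp command shown above.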

Requirements:
