
JAMA (Just Another Malware Analyzer) 0.1
========================================

What is JAMA?
=============

JAMA is an open source malware analysis tool.

To use this version of JAMA, you need to:
1) Run the XMLRPC server using xmlrpc_dumper.py (on a dedicated server or in a virtual machine).
   Configure the paths of the analysis tools in config.py before starting the server.
2) Connect to the server using xmlrpc_client.py.

Usage Example
=============

Build a Windows guest using VMware and forward port 8000 between the guest and the
host.

Run the XMLRPC server in the guest:
$ python xmlrpc_dumper.py 8000

When the server is ready, execute the following commands in the host:
$ cd $JAMA_PATH
$ python xmlrpc_client.py http://localhost:8000 <your malware sample> <output directory>

After a while a static report and a dynamic behavior report will be found in the
output directory.

If you want to test the availability of a node or a list of nodes, add the
corresponding node URLs to the file servers.conf and execute the command:

$ python xmlrpc_tester.py

The file servers.conf is also used by xmlrpc_client.py to randomly select a node to
connect to. The command to run is the following:

$ python xmlrpc_client.py auto <your malware sample> <output directory>
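The two servers.conf-driven steps above (checking which nodes are alive with xmlrpc_tester.py, and the ``auto`` mode that picks one reachable node at random) can be reproduced with the standard library. The following is an added example written for this README, not JAMA's own code: the servers.conf parsing rules (blank lines and ``#`` comments are skipped), the ``ping`` RPC method, and the decision to treat a server that answers with an XML-RPC Fault as alive are assumptions of the example; the status-line format mirrors the tester output shown in the batch example. A throwaway local XML-RPC node is started in-process so the script runs offline.

```python
"""Node availability check and random node selection for a servers.conf
style node list (added example, not part of JAMA)."""
import random
import socket
import threading
import time
import xmlrpc.client
from xmlrpc.server import SimpleXMLRPCServer

# Constructed servers.conf content: one node URL per line. Ignoring blank
# lines and '#' comments is an assumption of this example.
SAMPLE_SERVERS_CONF = """\
# analysis nodes
http://node1:8000/

http://node2:8000/
"""


def parse_servers_conf(text):
    """Return the list of node URLs found in servers.conf-style text."""
    nodes = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        nodes.append(line)
    return nodes


def probe_node(url, timeout=3.0):
    """Return True if an XML-RPC server answers at url within timeout seconds.

    A hypothetical 'ping' method is called. A server that is up but does not
    export it answers with an XML-RPC Fault, which still proves it is alive;
    a refused connection, unresolvable host or timeout means it is down.
    """
    previous = socket.getdefaulttimeout()
    socket.setdefaulttimeout(timeout)  # ServerProxy has no timeout argument
    try:
        xmlrpc.client.ServerProxy(url).ping()
        return True
    except xmlrpc.client.Fault:
        return True  # reachable; 'ping' just is not exported
    except (OSError, xmlrpc.client.Error):
        return False
    finally:
        socket.setdefaulttimeout(previous)


def check_nodes(nodes, probe=probe_node):
    """Probe each node, print a tester-style status line, return {url: alive}."""
    status = {}
    for url in nodes:
        alive = probe(url)
        status[url] = alive
        state = "ALIVE" if alive else "DEAD"
        # time.ctime() gives the "[Thu Dec  2 13:08:54 2010]" timestamp style.
        print("[%s] Status of server %s is [%s]" % (time.ctime(), url, state))
    return status


def pick_node(status, rng=random):
    """Randomly choose one node reported alive, as 'auto' mode would; None if none is up."""
    alive = [url for url, ok in status.items() if ok]
    return rng.choice(alive) if alive else None


def start_local_node():
    """Start a throwaway XML-RPC server on a free loopback port.

    Returns (url, server); call server.shutdown() when done.
    """
    server = SimpleXMLRPCServer(("127.0.0.1", 0), logRequests=False)
    server.register_function(lambda: "pong", "ping")
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return "http://127.0.0.1:%d/" % server.server_address[1], server


if __name__ == "__main__":
    local_url, local_server = start_local_node()
    # The constructed nodes will be reported DEAD (no such hosts here); the
    # in-process node will be reported ALIVE and is the only candidate for 'auto'.
    node_status = check_nodes(parse_servers_conf(SAMPLE_SERVERS_CONF) + [local_url])
    print("auto-selected node:", pick_node(node_status))
    local_server.shutdown()
```

Only nodes that actually answered are candidates for selection, so a sample is never sent to a node that has already been reported dead; a node listed in servers.conf that cannot be resolved or refuses the connection is reported DEAD rather than raising.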

Example batch usage
===================

Suppose you have 3 nodes (node1, node2 and node3) and a directory with many malware
samples ($JAMA_PATH/samples in this example). To analyze all of them, follow these
steps:

1)
Edit servers.conf as:
http://node1:8000/
http://node2:8000/
http://node3:8000/

2)
$ cd $JAMA_PATH

$ xmlrpc_tester.py
[Thu Dec  2 13:08:54 2010] Status of server http://node1:8000/ is [ALIVE]
[Thu Dec  2 13:08:54 2010] Status of server http://node2:8000/ is [ALIVE]
[Thu Dec  2 13:08:54 2010] Status of server http://node3:8000/ is [ALIVE]

$ python batch_tester.py auto samples <output directory>

License
=======

Licensed under the GNU General Public License Version 3.

Contact
=======

Author: Qin Liu
Email: lqgy2001 [AT] gmail [DOT] com

Automatically exported from code.google.com/p/just-another-malware-analyzer