SSMA - Simple Static Malware Analyzer [This project is not maintained anymore]
pielco11 Removed check_mx
This does not work with some SMTP servers, plus if you are not connected to the internet this breaks the code. Now it does a regex check.
Latest commit e8f3e94 Apr 1, 2018



SSMA is a simple malware analyzer written in Python 3.


  • Analyze PE file's header and sections (number of sections, entropy of sections/PE file, suspicious section names, suspicious flags in the characteristics of the PE file, etc.)

  • Analyze ELF files for Linux malware analysis, using various open source tools (ldd, readelf, strings) to display the ELF header structure, ASCII/UNICODE strings, shared objects, section headers, symbol table, etc.

  • Searches for possible domains, e-mail addresses, IP addresses in the strings of the file.

  • Checks if domains are blacklisted based on's Ransomware Domain Blocklist and's blocklist.

  • Looks for Windows functions commonly used by malware.

  • Get results from VirusTotal and/or upload files.

  • Malware detection based on YARA rules.

  • Detect well-known software packers.

  • Detect the existence of cryptographic algorithms.

  • Detect anti-debug and anti-virtualization techniques used by malware to evade automated analysis.

  • Find if documents have been crafted to leverage malicious code.

  • Generate a JSON-format report.

  • Mass analysis by specifying a folder.
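
The string-based indicator search listed above (domains, e-mail addresses and IP addresses, over ASCII and UNICODE strings) can be sketched as follows. This is an added example, not SSMA's own code: the regular expressions, the `NOT_TLDS` filter list, the function names and the sample bytes are all assumptions constructed for illustration. Validation is done offline with regexes and `ipaddress`, so it works without network access.

```python
import ipaddress
import re

MIN_LEN = 6  # shortest printable run treated as a string (assumed threshold)
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)  # UTF-16LE strings

EMAIL = re.compile(r"\b[A-Za-z0-9._%+-]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}\b")
DOMAIN = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}\b", re.I)
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
# File extensions that look like TLDs in import tables and paths (assumed list).
NOT_TLDS = {"dll", "exe", "sys", "pdb", "dat", "tmp", "log", "so"}


def extract_strings(data: bytes):
    """Yield printable ASCII and UTF-16LE strings found in raw file bytes."""
    for m in ASCII_RUN.finditer(data):
        yield m.group().decode("ascii")
    for m in WIDE_RUN.finditer(data):
        yield m.group().decode("utf-16-le")


def find_indicators(data: bytes) -> dict:
    """Collect e-mail addresses, domains and IPv4 addresses from a file's strings."""
    found = {"emails": set(), "domains": set(), "ips": set()}
    for s in extract_strings(data):
        for m in EMAIL.finditer(s):
            found["emails"].add(m.group().lower())
        for m in IPV4.finditer(s):
            try:  # rejects octets above 255, e.g. a version string like 999.1.2.3
                found["ips"].add(str(ipaddress.IPv4Address(m.group())))
            except ValueError:
                pass
        for m in DOMAIN.finditer(s):
            name = m.group().lower()
            if name.rsplit(".", 1)[1] not in NOT_TLDS:  # drops KERNEL32.dll
                found["domains"].add(name)
    return {k: sorted(v) for k, v in found.items()}


# Constructed sample: binary padding around ASCII and UTF-16LE strings.
SAMPLE = (
    b"\x00\x01MZ\x90\x00KERNEL32.dll\x00\xff\xfe"
    b"connect to 203.0.113.7:8080\x00build 999.1.2.3\xff"
    + "http://updates.example.net/gate".encode("utf-16-le")
    + b"\x00\x00\x07contact: admin@example.org\x00"
)

if __name__ == "__main__":
    print(find_indicators(SAMPLE))
```

Hits from a scan like this are leads for triage, not verdicts: imported library names, version strings and file paths all produce look-alikes, which is why the example filters by extension and validates octet ranges.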


git clone


sudo pip3 install -r requirements.txt

python3 -h

Using virtualenv

git clone
virtualenv -p python3 env
source env/bin/activate
pip3 install -r requirements.txt
python3 -h

Additional: ssdeep - Installation

More: Simple Static Malware Analyzer