Malwoverview – Malware Initial Triage Tool
Malwoverview is a first-response tool for performing an initial, quick triage of a directory containing malware samples, a specific malware sample, or suspect URLs and domains. Additionally, it can download samples and send them to the main online sandboxes.

This tool aims to:
- Determine similar executable malware samples (PE/PE+) according to their import table hash (imphash) and group them by color (pay attention to the second column of the output). Colors matter!
- Determine whether executable malware samples are packed or not according to the following rules:
  - 2a. Two or more sections with entropy > 7.0 or < 1.0 ==> packed.
  - 2b. One section with entropy > 7.0, or two sections with SizeOfRawData ==> likely packed.
  - 2c. No section with entropy > 7.0 or SizeOfRawData ==> not packed.
- Determine whether the malware samples contain an overlay.
- Determine the .text section entropy. Malwoverview.py only examines PE/PE+ files, skipping everything else.
- Check each malware sample against VirusTotal.
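The static checks listed above (per-section entropy, the three packing rules, .text entropy and overlay detection) can be seen working on a constructed input in the following example. This is an added example, not Malwoverview's own code: it walks the PE section table with a minimal parser of my own instead of using a PE library, builds synthetic PE blobs in-script as test input (they are not loadable and are not derived from any real sample), and applies my reading of the rules, where "sections with SizeOfRawData" is interpreted as sections whose SizeOfRawData is zero. Imphash grouping is left out because it requires parsing the import table.

```python
"""Added example (not Malwoverview's own code): re-implements the static triage checks
the post lists over a minimal PE section-table parser. PE blobs are constructed below;
the rule reading in packing_verdict() is my own interpretation of the post's wording."""
import math
import struct
from collections import Counter

SECTION_HEADER_FMT = "<8s6I2HI"   # IMAGE_SECTION_HEADER, 40 bytes
SECTION_HEADER_SIZE = struct.calcsize(SECTION_HEADER_FMT)
FILE_ALIGNMENT = 0x200


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return sum(-(c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_sections(blob: bytes) -> list:
    """Walk the section table of a PE/PE+ image and return one dict per section."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER (20 bytes)
    number_of_sections = struct.unpack_from("<H", blob, coff + 2)[0]
    size_of_optional_header = struct.unpack_from("<H", blob, coff + 16)[0]
    table = coff + 20 + size_of_optional_header           # section table follows the optional header
    sections = []
    for i in range(number_of_sections):
        fields = struct.unpack_from(SECTION_HEADER_FMT, blob, table + i * SECTION_HEADER_SIZE)
        name, _vsize, _vaddr, raw_size, raw_ptr = fields[:5]
        data = blob[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "size_of_raw_data": raw_size,
            "pointer_to_raw_data": raw_ptr,
            "entropy": shannon_entropy(data),
        })
    return sections


def packing_verdict(sections: list) -> str:
    """Rules 2a-2c from the post. Assumptions: only sections carrying raw data are scored
    for entropy, and 'sections with SizeOfRawData' means SizeOfRawData == 0."""
    scored = [s for s in sections if s["size_of_raw_data"]]
    extreme = [s for s in scored if s["entropy"] > 7.0 or s["entropy"] < 1.0]
    high = [s for s in scored if s["entropy"] > 7.0]
    zero_raw = [s for s in sections if s["size_of_raw_data"] == 0]
    if len(extreme) >= 2:
        return "packed"            # 2a
    if len(high) == 1 or len(zero_raw) >= 2:
        return "likely packed"     # 2b
    return "not packed"            # 2c


def overlay_size(blob: bytes, sections: list) -> int:
    """Bytes appended after the last section's raw data (0 when there is no overlay)."""
    end = max((s["pointer_to_raw_data"] + s["size_of_raw_data"]
               for s in sections if s["size_of_raw_data"]), default=0)
    return max(len(blob) - end, 0)


def triage(blob: bytes) -> dict:
    """Run the static checks on one PE image and return a summary."""
    sections = parse_sections(blob)
    text = next((s for s in sections if s["name"] == ".text"), None)
    return {
        "verdict": packing_verdict(sections),
        "text_entropy": round(text["entropy"], 3) if text else None,
        "overlay_size": overlay_size(blob, sections),
        "sections": [(s["name"], round(s["entropy"], 3)) for s in sections],
    }


def build_pe(sections, overlay=b"") -> bytes:
    """Constructed test input: a minimal PE32 skeleton with only the header fields the
    parser reads filled in. Not loadable, and not derived from any real sample."""
    e_lfanew, opt_size = 0x40, 0xE0
    table = e_lfanew + 4 + 20 + opt_size
    headers_end = table + SECTION_HEADER_SIZE * len(sections)
    body_start = -(-headers_end // FILE_ALIGNMENT) * FILE_ALIGNMENT
    blob = bytearray(e_lfanew)
    blob[:2] = b"MZ"
    struct.pack_into("<I", blob, 0x3C, e_lfanew)
    blob += b"PE\0\0"
    blob += struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    blob += bytes(opt_size)                                # zeroed optional header (unused here)
    body, ptr = bytearray(), body_start
    for name, data in sections:
        raw_ptr = ptr if data else 0
        blob += struct.pack(SECTION_HEADER_FMT, name.encode().ljust(8, b"\0"),
                            len(data) or 0x1000, 0x1000, len(data), raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += data
        ptr += len(data)
    blob += bytes(body_start - headers_end) + body + overlay
    return bytes(blob)


UNIFORM = bytes(range(256)) * 8        # entropy exactly 8.0 (compressed/encrypted-looking)
MEDIUM = bytes(range(64)) * 32         # entropy exactly 6.0 (code-like)
LOW_VAR = bytes(range(16)) * 128       # entropy exactly 4.0 (data-like)
ZEROS = bytes(2048)                    # entropy 0.0

SAMPLES = {   # constructed inputs, one per verdict
    "clean": build_pe([(".text", MEDIUM), (".data", LOW_VAR)]),
    "packed": build_pe([(".text", UNIFORM), (".rsrc", ZEROS)], overlay=b"\xAB" * 100),
    "upx_like": build_pe([("UPX0", b""), ("UPX1", UNIFORM), (".rsrc", LOW_VAR)]),
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        print(label, triage(blob))
```

Running the script prints one summary per constructed sample: the plain build is "not packed" with a .text entropy of 6.0, the high-entropy build with a zeroed resource section is "packed" and reports the 100-byte overlay, and the UPX-style layout (one empty section, one uniform section) lands in "likely packed". The thresholds are the post's; the verdict changes quickly around them, which is why the per-section entropies are returned alongside the verdict rather than hidden behind it.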
Important note: Malwoverview does NOT submit samples to VirusTotal or Hybrid Analysis by default. It submits only hashes, thus respecting Non-Disclosure Agreements (NDAs). However, if you use the “-V” (uppercase) or “-A” (uppercase) option, Malwoverview SUBMITS your malware sample to VirusTotal or Hybrid Analysis, respectively.
You can read more about and download this tool here: https://github.com/alexandreborges/malwoverview