Impfuzzy
| Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
|---|---|---|---|---|---|---|---|---|---|---|
| Recomposer | 110 | 10 years ago | 1 | Python | ||||||
| Randomly changes Win32/64 PE Files for 'safer' uploading to malware and sandbox sites. | ||||||||||
| Impfuzzy | 69 | 9 | a year ago | 5 | May 11, 2018 | 2 | gpl-2.0 | Python | ||
| Fuzzy Hash calculated from import API of PE files | ||||||||||
| Imphash Generator | 48 | 6 years ago | Python | |||||||
| PE Import Hash Generator | ||||||||||
| Richpe | 32 | 2 years ago | 4 | apache-2.0 | Python | |||||
| Metadata hash incorporating the Rich Header for robustness against packing and other malware tricks | ||||||||||
| Libdrv | 24 | 6 days ago | mit | C++ | ||||||
| Static Library For Windows Drivers | ||||||||||
| Superpehasher | 16 | 2 years ago | 2 | Python | ||||||
| SuperPeHasher is a wrapper for several hash algorithms dedicated to PE file. | ||||||||||
| Puppet Node_manager | 10 | 3 months ago | 6 | apache-2.0 | Ruby | |||||
| Create and manage PE node groups as resources. | ||||||||||
| Wimphash | 4 | 2 years ago | gpl-3.0 | C | ||||||
| Windows Import Table hash tool. | ||||||||||
| Fuzz2sql | 4 | 12 years ago | Python | |||||||
| A script to input PE Files, break it into the PE sections and perform fuzzy hash on each section. Subsequent runs will compare hashes in the database for similarity comparison. | ||||||||||
impfuzzy
Impfuzzy is Fuzzy Hash calculated from import API of PE files
pyimpfuzzy
Python module for comparing the impfuzzy
More details are described in the following documents:
https://www.jpcert.or.jp/magazine/acreport-impfuzzy.html (Japanese)
http://blog.jpcert.or.jp/2016/05/classifying-mal-a988.html (English)
pyimpfuzzy-windows
Python module comparing the impfuzzy for Windows
impfuzzy for Volatility
Volatility plugin for comparing the impfuzzy and imphash
More details are described in the following documents:
https://www.jpcert.or.jp/magazine/acreport-impfuzzy_volatility.html (Japanese)
http://blog.jpcert.or.jp/2016/12/a-new-tool-to-d-d6bc.html (English)
impfuzzy for Volatility3
Volatility plugin for comparing the impfuzzy / imphash / ssdeep
impfuzzy for Neo4j
Python script for clustering malware based on fuzzy hash and importing/visualizing the result using Neo4j
More details are described in the following documents:
https://www.jpcert.or.jp/magazine/acreport-impfuzzy_neo4.html (Japanese)
http://blog.jpcert.or.jp/2017/03/malware-clustering-using-impfuzzy-and-network-analysis---impfuzzy-for-neo4j-.html (English)
Other Tools or Frameworks
MISP: Malware Information Sharing Platform and Threat Sharing
CRITs: Collaborative Research Into Threats
MultiScanner: File Analysis Framework
ViruSign: Malware Research & Data Center, Virus Free Downloads
