Extract IOCs from malware samples to support static analysis during incident response. It can be used to scan an entire host in search of compromised files, or to extract data from a single binary file.
It extracts static data from PE, ELF, DEX and Mach-O binaries, and can be extended to other formats by adding a parser for the file type needed.
git clone https://github.com/malwarai/malware-extractor.git
cd malware-extractor
pip install -r requirements.txt
To see all available commands:
python main.py -h
To extract static data from a binary, use the -fe argument:
python main.py -fe file_to_extract_data_from.exe
To scan a file to determine whether it may be malicious, pass the following arguments: -fs (file to be scanned) and -yr (the compiled YARA file to match against):
python main.py -fs file_to_be_analyzed.exe -yr compiled_yara_file.yara
To scan an entire directory or host, provide -rd (root directory) from where the scan should start:
python main.py -rd /directory_to_be_scanned/ -yr compiled_yara_file.yara
The output of the scans and analysis is saved to a txt file in the same directory.
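The two ideas the README relies on, dispatching on the file's magic bytes to a per-format parser and then running a format-independent IOC pass (and doing that over a whole directory tree), are shown in the added example below. This is illustrative code written for this page, not the malware-extractor project's own implementation: the PE and ELF parsers read only a handful of header fields, the registry (PARSERS, register, analyze, scan_tree) is a hypothetical structure chosen to show how a new format parser would be plugged in, and both sample binaries are constructed byte strings rather than real samples.

```python
"""Static-IOC extractor with a per-format parser registry.

Added example, not the malware-extractor project's own code. The PE and ELF
parsers read only the header fields needed to show the dispatch pattern; DEX
and Mach-O parsers would be added in the same shape. All sample binaries
below are constructed byte strings, not real malware.
"""
import json
import os
import re
import struct
from typing import Callable, Dict, Tuple

# format name -> (magic-byte check, header parser). Supporting another
# format means adding one decorated function; nothing else changes.
PARSERS: Dict[str, Tuple[Callable[[bytes], bool], Callable[[bytes], dict]]] = {}


def register(name: str, sniff: Callable[[bytes], bool]):
    def decorator(parser):
        PARSERS[name] = (sniff, parser)
        return parser
    return decorator


@register("PE", lambda d: d[:2] == b"MZ")
def parse_pe(data: bytes) -> dict:
    # e_lfanew (offset 0x3c) locates "PE\0\0"; the 20-byte COFF header follows
    # it, and the section table follows the optional header.
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("MZ header without PE signature")
    machine, nsec, stamp, _, _, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, pe_off + 4)
    sec_tab = pe_off + 24 + opt_size
    names = []
    for i in range(nsec):                      # 40-byte IMAGE_SECTION_HEADERs
        raw = data[sec_tab + i * 40:sec_tab + i * 40 + 8]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return {"machine": machine, "timestamp": stamp,
            "characteristics": chars, "sections": names}


@register("ELF", lambda d: d[:4] == b"\x7fELF")
def parse_elf(data: bytes) -> dict:
    # e_ident gives word size and endianness before anything else is read.
    bits = 64 if data[4] == 2 else 32
    end = "<" if data[5] == 1 else ">"
    e_type, e_machine = struct.unpack_from(end + "HH", data, 16)
    (entry,) = struct.unpack_from(end + ("Q" if bits == 64 else "I"), data, 24)
    return {"bits": bits, "type": e_type, "machine": e_machine, "entry": entry}


STRING_RE = re.compile(rb"[\x20-\x7e]{4,}")          # printable ASCII runs
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")  # also hits version strings; triage by hand


def extract_iocs(data: bytes) -> dict:
    """Format-independent pass: pull printable strings, then pattern-match them."""
    strings = [s.decode("ascii") for s in STRING_RE.findall(data)]
    blob = "\n".join(strings)
    return {"urls": sorted(set(URL_RE.findall(blob))),
            "ipv4": sorted(set(IPV4_RE.findall(blob))),
            "strings": strings}


def analyze(data: bytes) -> dict:
    """Dispatch on magic bytes, then run the generic IOC pass on every file."""
    report = {"format": "unknown", "header": {}, "iocs": extract_iocs(data)}
    for name, (sniff, parser) in PARSERS.items():
        if sniff(data):
            report["format"] = name
            report["header"] = parser(data)
            break
    return report


def scan_tree(root: str) -> list:
    """Analyze every file under root; a malformed or unreadable file is recorded, not fatal."""
    results = []
    for dirpath, _, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    results.append((path, analyze(fh.read())))
            except (OSError, ValueError, IndexError, struct.error) as exc:
                results.append((path, {"error": str(exc)}))
    return results


# Constructed sample PE: DOS header, COFF header (x64, two sections, no
# optional header), section table, then strings worth surfacing.
SAMPLE_PE = (
    b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)
    + b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 2, 0x5F000000, 0, 0, 0, 0x22)
    + b".text\0\0\0" + b"\0" * 32 + b".rsrc\0\0\0" + b"\0" * 32
    + b"http://example.invalid/payload\0" + b"10.0.0.5\0"
    + b"C:\\Users\\Public\\update.dat\0"
)

# Constructed sample ELF64 little-endian executable with an entry point and strings.
SAMPLE_ELF = (
    b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8
    + struct.pack("<HHIQ", 2, 0x3E, 1, 0x401000) + b"\0" * 32
    + b"198.51.100.7\0" + b"/tmp/.cache/updater\0"
)

if __name__ == "__main__":
    for label, blob in (("sample.exe", SAMPLE_PE), ("sample.elf", SAMPLE_ELF)):
        print(label, json.dumps(analyze(blob), indent=2))
```

Running the block prints a JSON report per constructed sample; scan_tree(root) is the directory-walk equivalent of the -rd option and returns one (path, report) pair per file, so writing it out as a txt report is a single json.dumps per entry. Note the deliberate caveat in the IPv4 pattern: string-level IOC extraction is noisy (version numbers look like addresses, and packed or encrypted samples yield few strings at all), so the extracted values are leads to verify, not findings.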