impfuzzy
impfuzzy is a fuzzy hash calculated from the import APIs of PE files.
pyimpfuzzy
Python module for comparing impfuzzy hashes
More details are described in the following documents:
https://www.jpcert.or.jp/magazine/acreport-impfuzzy.html (Japanese)
http://blog.jpcert.or.jp/2016/05/classifying-mal-a988.html (English)
pyimpfuzzy-windows
Python module for comparing impfuzzy hashes on Windows
impfuzzy for Volatility
Volatility plugin for comparing impfuzzy and imphash values
More details are described in the following documents:
https://www.jpcert.or.jp/magazine/acreport-impfuzzy_volatility.html (Japanese)
http://blog.jpcert.or.jp/2016/12/a-new-tool-to-d-d6bc.html (English)
impfuzzy for Volatility3
Volatility plugin for comparing impfuzzy / imphash / ssdeep values
impfuzzy for Neo4j
Python script for clustering malware based on fuzzy hashes and importing/visualizing the results using Neo4j
More details are described in the following documents:
https://www.jpcert.or.jp/magazine/acreport-impfuzzy_neo4.html (Japanese)
http://blog.jpcert.or.jp/2017/03/malware-clustering-using-impfuzzy-and-network-analysis---impfuzzy-for-neo4j-.html (English)
Other Tools or Frameworks
MISP: Malware Information Sharing Platform and Threat Sharing
CRITs: Collaborative Research Into Threats
MultiScanner: File Analysis Framework
ViruSign: Malware Research & Data Center, Virus Free Downloads