Tool and Usage
- Year of inception
- Apache License 2.0
- Programming language
- Latest release
- Latest release date
Why this tool?
Malice is a malware analysis framework that aims to provide a free and open source version of VirusTotal. The goal of Malice is to be usable by everyone from independent researchers up to Fortune 500 companies.
Malice is useful for those who do malware analysis or deal with user-generated files that may contain malware. The framework allows scanning files and directories to see if they are infected.
How it works
Malice provides both a command line tool and a web interface. The CLI tool is used to scan a file or directory, optionally by automatically watching the directory for new files. Besides scanning, Malice can look up a known hash. This produces a report with the relevant findings, such as detections by malware and anti-virus scanning tools.
Malice is a modular framework and supports plugins. Each plugin can provide particular functionality to extend and customize the framework. The plugins make it possible to retrieve data from VirusTotal, as one of the sources. Other functionality includes hash searches using the NSRL database, ShadowServer, and Team Cymru.
Usage and audience
Malice is commonly used for malware analysis, malware detection, malware research, or malware scanning. Target users for this tool are malware analysts, security professionals, and system administrators.
- Command line interface
- Docker support
- Web interface
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- + More than 500 GitHub stars
- + The source code of this software is available
History and highlights
- Demo at Black Hat USA 2018 Arsenal
Supported operating systems
Malice is known to work on Linux and macOS.
Similar tools to Malice:
YARA is a security tool to identify and classify malware samples and is often used by malware researchers. Learn how it works in this review.
MultiScanner is a modular file scanning and analysis framework. It can be used to scan files and detect malware or other suspicious traces. With the help of the modules, it can be extended to provide more details about a file.
There are never enough tools to analyze malware, right? SSMA might be one of those tools to add to your malware analysis toolbox.