SSMA
Tool and Usage
Project details
- License: GPLv3
- Programming language: Python
- Author: Lasha Khasaia
- Latest release: No release found
- Latest release date: Unknown
Why this tool?
SSMA is short for Simple Static Malware Analyzer. The tool can perform a set of tests against a malware sample and retrieve metadata from it. SSMA can analyze ELF and PE files and their structure. For example, it can retrieve the PE file header information and its sections. Other things it can analyze are the use of packers, anti-debugging techniques, cryptographic algorithms, domains, email addresses, and IP addresses. It can also check whether the sample is already detected or blocked by using VirusTotal and the blocklist of malwaredomains.com.
How it works
The tool is modular: depending on the file structures it finds, it uses the related functions to perform more in-depth analysis.
Usage and audience
SSMA is commonly used for malware analysis, malware detection, malware scanning, or reverse engineering. Target users for this tool are malware analysts and security professionals.
Features
- Command line interface
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
Strengths
- + The source code of this software is available
Weaknesses
- - No releases on GitHub available
Installation
Supported operating systems
SSMA is known to work on Linux.
Dependencies
Several dependencies are required to use SSMA.
- GitPython
- elasticsearch
- pefile
- py3dns
- pyelftools
- python-magic
- uuid
- virustotal-api
- yara-python
SSMA alternatives
Similar tools to SSMA:
MultiScanner
MultiScanner is a modular file scanning and analysis framework. It can be used to scan files and detect malware or other suspicious traces. With the help of the modules, it can be extended to provide more details about a file.
Binary Analysis Next Generation
Binary Analysis Next Generation (BANG) or binaryanalysis-ng is a security tool to perform binary analysis by Armijn Hemel.
Mal Tindex
Mal Tindex is an open source security tool to index binaries with the goal of attributing them to malware campaigns.
Related tool information
Categories
This tool is categorized as a Linux malware analysis tool and Linux malware scanner.