SSMA


Tool and Usage

Project details

License: GPLv3
Programming language: Python
Author: Lasha Khasaia
Latest release: No release found

Project health

Score: 78 (calculated from factors such as project age and the date of the last release)

Why this tool?

SSMA is short for Simple Static Malware Analyzer. The tool runs a set of static checks against a malware sample and reports the metadata it finds, without executing the file. It parses both ELF and PE binaries and describes their structure; for a PE file, for example, it reports the file header and the section table. Beyond the headers it looks for traces of packers, anti-debugging techniques and cryptographic algorithms, and extracts domains, email addresses and IP addresses embedded in the binary. It can also check whether the sample is already detected or blocked, using VirusTotal and the malwaredomains.com blocklist.

How it works

The tool is modular: it first identifies the file format, then runs only the analysis functions that apply to the structures it finds, so an ELF sample and a PE sample each get their own set of in-depth checks.
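How a format-driven analyzer of this kind fits together, as an added example that is not SSMA's own code (it covers both the feature summary above and this section): the magic bytes select the header parser, the ELF or PE fields that also appear in the ps output further down are decoded with struct, and format-independent string checks then look for domains, email addresses, IPv4 addresses, packer section names and anti-debugging APIs. Standard library only; the two sample binaries are constructed headers with planted strings, and the packer and anti-debug lists are assumed, illustrative values rather than SSMA's own signatures.

```python
"""Added example, not SSMA's code: stdlib sketch of magic-byte dispatch plus
string checks. SSMA itself uses pefile and pyelftools for the header work."""
import re
import struct
from typing import Any, Dict, List

ELF_TYPES = {1: "REL (Relocatable file)", 2: "EXEC (Executable file)",
             3: "DYN (Shared object file)", 4: "CORE (Core file)"}
# Assumed, illustrative lists: section names left by common packers, and
# imports/strings that usually indicate anti-debugging. Neither is exhaustive.
PACKER_SECTIONS = {b"UPX0", b"UPX1", b"UPX2", b".aspack", b".adata", b".petite"}
ANTI_DEBUG_STRINGS = [b"IsDebuggerPresent", b"CheckRemoteDebuggerPresent",
                      b"NtQueryInformationProcess", b"OutputDebugString", b"ptrace"]
IOC_PATTERNS = {
    "emails": re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}"),
    "ipv4": re.compile(rb"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])"),
    "domains": re.compile(rb"\b(?:[a-z0-9-]+\.)+(?:com|net|org|io|ru|info)\b"),
}


def parse_elf(data: bytes) -> Dict[str, Any]:
    """Decode the ELF header fields SSMA prints: file type, entry point, program headers."""
    ei_class, ei_data = data[4], data[5]           # EI_CLASS (1=32-bit, 2=64-bit), EI_DATA
    endian = "<" if ei_data == 1 else ">"
    if ei_class == 2:
        fmt = endian + "16sHHIQQQIHHHHHH"           # Elf64_Ehdr, 64 bytes
    elif ei_class == 1:
        fmt = endian + "16sHHIIIIIHHHHHH"           # Elf32_Ehdr, 52 bytes
    else:
        raise ValueError(f"unknown ELF class {ei_class}")
    (_, e_type, e_machine, _, e_entry, e_phoff, _, _, _, _, e_phnum,
     _, _, _) = struct.unpack_from(fmt, data, 0)
    return {"format": "ELF64" if ei_class == 2 else "ELF32",
            "type": ELF_TYPES.get(e_type, f"UNKNOWN ({e_type})"),
            "machine": e_machine, "entry": e_entry, "phoff": e_phoff, "phnum": e_phnum}


def parse_pe(data: bytes) -> Dict[str, Any]:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("MZ file without PE signature (plain DOS executable?)")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                   # IMAGE_FILE_HEADER is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]    # 0x10b = PE32, 0x20b = PE32+
    entry = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint (RVA)
    sections: List[Dict[str, Any]] = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i                 # IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, vaddr = struct.unpack_from("<8sII", data, off)
        sections.append({"name": name.rstrip(b"\0"), "vsize": vsize, "vaddr": vaddr})
    return {"format": "PE32+" if magic == 0x20B else "PE32", "machine": machine,
            "entry": entry, "characteristics": chars, "sections": sections}


def extract_iocs(data: bytes) -> Dict[str, List[str]]:
    """Format-independent string checks, run for every file regardless of type."""
    found = {name: sorted({m.decode("ascii", "replace") for m in pat.findall(data)})
             for name, pat in IOC_PATTERNS.items()}
    found["anti_debug"] = [s.decode() for s in ANTI_DEBUG_STRINGS if s in data]
    return found


def analyze(data: bytes) -> Dict[str, Any]:
    """Dispatch on the magic bytes; only the matching header parser runs."""
    report: Dict[str, Any] = {"size": len(data), "packer_hints": []}
    if data[:4] == b"\x7fELF":
        report["header"] = parse_elf(data)
    elif data[:2] == b"MZ":
        report["header"] = parse_pe(data)
        names = {s["name"] for s in report["header"]["sections"]}
        report["packer_hints"] = sorted(n.decode() for n in names & PACKER_SECTIONS)
    else:
        report["header"] = {"format": "unknown"}
    report["iocs"] = extract_iocs(data)
    return report


def build_sample_elf() -> bytes:
    """Constructed ELF64 LSB EXEC header (no code) using the values from the ps output."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8          # class 64, LSB, version 1
    hdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 2, 0x3E, 1, 0x402F10, 64, 0, 0, 64, 56, 9, 64, 0, 0)
    return hdr + b"\0" * 32 + b"https://update.evil-c2.example.com/gate\0ptrace\0"


def build_sample_pe() -> bytes:
    """Constructed PE32+ image: two UPX sections and a few planted indicator strings."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 240, 0x22)  # 2 sections, 240-byte opt hdr
    opt = struct.pack("<HBBIIIII", 0x20B, 14, 0, 0x200, 0x200, 0, 0x1000, 0x1000).ljust(240, b"\0")
    secs = b"".join(struct.pack("<8sIIIIIIHHI", n, 0x4000, va, 0x200, 0x400, 0, 0, 0, 0, 0xE0000020)
                    for n, va in ((b"UPX0", 0x1000), (b"UPX1", 0x5000)))
    strings = b"\0IsDebuggerPresent\0admin@example.net\0http://evil-c2.example.com/gate.php\0" + b"10.0.0.5\0"
    return dos + b"PE\0\0" + coff + opt + secs + strings


if __name__ == "__main__":
    for sample in (build_sample_elf(), build_sample_pe()):
        print(analyze(sample))
```

Running the module prints one report per constructed sample. The VirusTotal and malwaredomains.com lookups that SSMA performs are deliberately left out so the example runs offline; in practice they would be the last step, fed with the hash and the extracted domains.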

Usage and audience

SSMA is commonly used for malware analysis, malware detection, malware scanning, or reverse engineering. Target users for this tool are malware analysts and security professionals.

Features

  • Command line interface

Example usage and output

$ ./ssma.py /bin/ps

███████╗███████╗███╗   ███╗ █████╗
██╔════╝██╔════╝████╗ ████║██╔══██╗  Simple
███████╗███████╗██╔████╔██║███████║  Static
╚════██║╚════██║██║╚██╔╝██║██╔══██║  Malware
███████║███████║██║ ╚═╝ ██║██║  ██║  Analyzer
╚══════╝╚══════╝╚═╝     ╚═╝╚═╝  ╚═╝

File Details:
File: /bin/ps
Size: 97408 bytes
Type: application/x-executable
MD5: c390c05f1f40112a7e4f34e7428942a8
SHA1: a982bc9ef7ed005625ee02855d45d813bf186bf3

================================================================================
Dependencies:
linux-vdso.so.1 => (0x00007ffc4a1bf000)
libprocps.so.4 => /lib/x86_64-linux-gnu/libprocps.so.4 (0x00007f2bbf665000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f2bbf461000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f2bbf097000)
libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f2bbfa22000)
/lib64/ld-linux-x86-64.so.2 (0x00007f2bbf88c000)
libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1 (0x00007f2bbee75000)
librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007f2bbec6d000)
liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f2bbea4b000)
libgcrypt.so.20 => /lib/x86_64-linux-gnu/libgcrypt.so.20 (0x00007f2bbe76a000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f2bbe54d000)
libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3 (0x00007f2bbe2dd000)
libgpg-error.so.0 => /lib/x86_64-linux-gnu/libgpg-error.so.0 (0x00007f2bbe0c9000)

================================================================================
Program Header Information:

Elf file type is EXEC (Executable file)
Entry point 0x402f10
There are 9 program headers, starting at offset 64

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:

Strengths

  • + The source code of this software is available

Weaknesses

  • - No releases on GitHub available

Author and Maintainers

SSMA is under development by Lasha Khasaia.

Installation

Supported operating systems

SSMA is known to work on Linux.

Dependencies

Several dependencies are required to use SSMA.

  • elasticsearch
  • GitPython
  • pefile
  • py3dns
  • pyelftools
  • python-magic
  • uuid
  • virustotal-api
  • yara-python

SSMA alternatives

Similar tools to SSMA:

MultiScanner (project health score: 84)

MultiScanner is a modular file scanning and analysis framework. It can be used to scan files and detect malware or other suspicious traces. With the help of the modules, it can be extended to provide more details about a file.

Binary Analysis Next Generation (project health score: 64)

Binary Analysis Next Generation (BANG) or binaryanalysis-ng is a security tool to perform binary analysis by Armijn Hemel. Learn how the tool works.

Malice (project health score: 85)

Malice is a malware analysis framework that aims to provide a free and open source alternative to VirusTotal. Read how the framework works in this review.
