SEMA
System call analysis tool
Analyzes malware by extracting and comparing system call dependencies to classify and detect malicious behavior
SEMA is based on angr, a symbolic execution engine used here to extract API calls. In particular, we extend angr with strategies to build representative signatures based on the System Call Dependency Graph (SCDG). Those SCDGs can then be used in machine learning modules for classification and detection.
94 stars
3 watching
17 forks
Language: Python
last commit: 3 months ago
Topics: angr, binary-analysis, classification, concolic-execution, ctf, cybersecurity, detection, linux, malware, malware-analysis, malware-detection, malware-research, python, reverse, reverse-engineering, sema, static-analysis, symbolic, symbolic-execution, windows
Related projects:
| Repository | Description | Stars |
|---|---|---|
| malwarecantfly/vba2graph | Analyzes VBA code to generate visual call graphs and highlights potentially malicious keywords | 274 |
| kevoreilly/capev2 | A tool to extract configuration and payload from malware by analyzing its behavior in a sandboxed environment | 2,011 |
| telekom-security/malware_analysis | An analysis repository providing scripts, signatures, and IOCs for detecting and analyzing malware | 110 |
| secrary/makin | An analysis tool that reveals anti-debugging and anti-VM techniques used by malware samples | 732 |
| mandiant/capa | An executable file analysis tool that identifies capabilities and potential malicious behaviors | 4,885 |
| christhecoolhut/firmware_slap | Analyzes firmware vulnerabilities using concolic analysis and function clustering | 470 |
| herosi/cto | An IDA plugin for creating and analyzing function call graphs of malware | 324 |
| jpcertcc/aa-tools | A collection of tools and scripts for analyzing malware, reverse engineering malware, and decrypting encrypted data | 455 |
| quarkslab/irma | An asynchronous analysis system for suspicious files | 269 |
| cyb3rmx/qu1cksc0pe | A comprehensive tool for analyzing suspicious files and detecting malware characteristics | 1,320 |
| zhengmin1989/droidanalytics | An Android malware analysis system designed to collect and analyze malware signatures using machine learning techniques | 29 |
| sekoialab/fastir_collector_linux | A tool for gathering and recording information from live Linux systems for forensic analysis | 173 |
| adametry/gulp-eslint | Identifies and reports on patterns in ECMAScript/JavaScript code | 562 |
| 3coresec/automata | Automated tool to detect errors in security monitoring and measure the effectiveness of SIEM rules against various behaviors | 51 |
| certego/pcapmonkey | An analysis tool for packet capture files using Suricata and Zeek | 144 |