forked from JPCERTCC/impfuzzy

Fuzzy Hash calculated from import API of PE files

re-fox/impfuzzy

 
 

impfuzzy

impfuzzy is a fuzzy hash calculated from the import API of PE files.

pyimpfuzzy

Python module for comparing impfuzzy hashes

More details are described in the following documents:
https://www.jpcert.or.jp/magazine/acreport-impfuzzy.html (Japanese)
http://blog.jpcert.or.jp/2016/05/classifying-mal-a988.html (English)

pyimpfuzzy-windows

Python module for comparing impfuzzy hashes on Windows

impfuzzy for Volatility

Volatility plugin for comparing impfuzzy and imphash values

More details are described in the following documents:
https://www.jpcert.or.jp/magazine/acreport-impfuzzy_volatility.html (Japanese)
http://blog.jpcert.or.jp/2016/12/a-new-tool-to-d-d6bc.html (English)

impfuzzy for Volatility3

Volatility3 plugin for comparing impfuzzy, imphash and ssdeep values

impfuzzy for Neo4j

Python script for clustering malware based on fuzzy hashes, then importing and visualizing the result with Neo4j

More details are described in the following documents:
https://www.jpcert.or.jp/magazine/acreport-impfuzzy_neo4.html (Japanese)
http://blog.jpcert.or.jp/2017/03/malware-clustering-using-impfuzzy-and-network-analysis---impfuzzy-for-neo4j-.html (English)

Other Tools or Frameworks

MISP: Malware Information Sharing Platform and Threat Sharing
CRITs: Collaborative Research Into Threats
MultiScanner: File Analysis Framework
ViruSign: Malware Research & Data Center, Virus Free Downloads

Languages

  • Python 94.6%
  • C 5.4%