
Releases: Tencent/HaboMalHunter

HaboMalHunter(v2.0.0.3)

17 Jan 09:23

Features

The tool can be used for the static and dynamic analysis of ELF files on the Linux x86/x64 platform.

Static analysis

  1. Basic Information: md5, name, file type, size and SSDEEP.
  2. SO File Dependencies: information on the shared objects the binary depends on (only for dynamically linked files).
  3. Strings Information.
  4. ELF Header and Entry Point.
  5. IP Addresses and Ports.
  6. ELF Segments, Sections and Hashes.
  7. Source File Names.
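As an added illustration of the static-analysis items above (basic information, ELF header and entry point, strings, IP addresses and ports), the following is example code written for this page, not HaboMalHunter's own implementation. The sample ELF header and the string carrying an IP:port pair are constructed inline; SSDEEP, dependency and section parsing are left out.

```python
import hashlib
import re
import struct

ELF_MAGIC = b"\x7fELF"
# IPv4 address optionally followed by :port, matched over raw bytes
IP_PORT_RE = re.compile(rb"\b(\d{1,3}(?:\.\d{1,3}){3})(?::(\d{1,5}))?\b")

def parse_elf_header(data):
    """Read class, endianness, type, machine and entry point from an ELF header."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    endian = "<" if ei_data == 1 else ">"
    if ei_class == 2:    # ELFCLASS64: e_type, e_machine, e_version, 8-byte e_entry
        e_type, e_machine, _, e_entry = struct.unpack_from(endian + "HHIQ", data, 16)
    elif ei_class == 1:  # ELFCLASS32: 4-byte e_entry
        e_type, e_machine, _, e_entry = struct.unpack_from(endian + "HHII", data, 16)
    else:
        raise ValueError("invalid EI_CLASS")
    return {"bits": 32 * ei_class, "endian": "little" if ei_data == 1 else "big",
            "e_type": e_type, "e_machine": e_machine, "entry": e_entry}

def extract_strings(data, min_len=4):
    """Printable ASCII runs of at least min_len bytes, like strings(1)."""
    return [m.group().decode() for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def find_ip_ports(strings):
    """Return (ip, port-or-None) pairs embedded in the extracted strings."""
    hits = set()
    for s in strings:
        for ip, port in IP_PORT_RE.findall(s.encode()):
            if all(int(octet) <= 255 for octet in ip.split(b".")):
                hits.add((ip.decode(), int(port) if port else None))
    return sorted(hits, key=str)

def analyze(data):
    """Static summary: basic info, header/entry point, strings and IP:port hits."""
    strings = extract_strings(data)
    return {"md5": hashlib.md5(data).hexdigest(), "size": len(data),
            "header": parse_elf_header(data), "strings": strings,
            "ip_ports": find_ip_ports(strings)}

# Constructed sample: a 64-bit little-endian x86-64 ELF header (entry 0x401000)
# followed by a string carrying a documentation-range IP:port. Not a real binary.
SAMPLE_ELF = (b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8
              + struct.pack("<HHIQQQIHHHHHH", 2, 0x3E, 1, 0x401000, 64, 0, 0, 64, 56, 0, 64, 0, 0)
              + b"connect to 192.0.2.10:8080\x00")
```

Calling `analyze(SAMPLE_ELF)` returns the md5, size, parsed header, string list and the `("192.0.2.10", 8080)` hit; on a real file, pass the bytes read from disk.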

Dynamic analysis

  1. Start and Termination: time stamps and elapsed time.
  2. Process Information: clone, execve, exit, etc.
  3. File I/O: open, read, write, delete, etc.
  4. Network: TCP, UDP, HTTP, HTTPS, etc.
  5. Typical Malicious Actions: self-deletion, self-modification and self-locking.
  6. API Information: getpid, system, dup and other libc functions.
  7. Syscall sequences.
  8. [newly added] Memory analysis.
  9. [newly added] Log output to HTML.

Feature list

The open-source code supports automated static and dynamic analysis of ELF files on the Linux x86/x64 platform.

Static analysis

  1. Basic information: file md5, name, type, size, SSDEEP, etc.
  2. Dependent SO information: for dynamically linked files, outputs the shared objects the file depends on.
  3. String information
  4. ELF header information and entry point
  5. IP address and port information
  6. ELF segment information, section information and hash values
  7. Source file names

Dynamic analysis

  1. Run start and termination information: elapsed time, etc.
  2. Process information: clone system calls, execve calls, process creation and termination, etc.
  3. File operation information: open, read, modify, delete and other file I/O operations
  4. Network information: TCP, UDP, HTTP, HTTPS, SSL, etc.
  5. Typical malicious behaviour: self-deletion, self-modification, self-locking, etc.
  6. API information: getpid, system, dup and other libc function calls
  7. Syscall sequence information
  8. [newly added] Memory analysis
  9. [newly added] HTML added as a log format

HaboMalHunter(v2.0.0.2)

12 Jan 12:04

Features

The tool can be used for the static and dynamic analysis of ELF files on the Linux x86/x64 platform.

Static analysis

  1. Basic Information: md5, name, file type, size and SSDEEP.
  2. SO File Dependencies: information on the shared objects the binary depends on (only for dynamically linked files).
  3. Strings Information.
  4. ELF Header and Entry Point.
  5. IP Addresses and Ports.
  6. ELF Segments, Sections and Hashes.
  7. Source File Names.

Dynamic analysis

  1. Start and Termination: time stamps and elapsed time.
  2. Process Information: clone, execve, exit, etc.
  3. File I/O: open, read, write, delete, etc.
  4. Network: TCP, UDP, HTTP, HTTPS, etc.
  5. Typical Malicious Actions: self-deletion, self-modification and self-locking.
  6. API Information: getpid, system, dup and other libc functions.
  7. Syscall sequences.

Feature list

The open-source code supports automated static and dynamic analysis of ELF files on the Linux x86/x64 platform.

Static analysis

  1. Basic information: file md5, name, type, size, SSDEEP, etc.
  2. Dependent SO information: for dynamically linked files, outputs the shared objects the file depends on.
  3. String information
  4. ELF header information and entry point
  5. IP address and port information
  6. ELF segment information, section information and hash values
  7. Source file names

Dynamic analysis

  1. Run start and termination information: elapsed time, etc.
  2. Process information: clone system calls, execve calls, process creation and termination, etc.
  3. File operation information: open, read, modify, delete and other file I/O operations
  4. Network information: TCP, UDP, HTTP, HTTPS, SSL, etc.
  5. Typical malicious behaviour: self-deletion, self-modification, self-locking, etc.
  6. API information: getpid, system, dup and other libc function calls
  7. Syscall sequence information