Sunday, 20. November 2011
PDF Stream Dumper
This is a free tool for the analysis of malicious PDF documents. It also has some features that can make it useful for pdf vulnerability development.

Has specialized tools for dealing with obsfuscated javascript, low level pdf headers and objects, and shellcode. In terms of shellcode analysis, it has an integrated interface for libemu sctest, an updated build of iDefense sclog, and a shellcode_2_exe feature.

Javascript tools include integration with JS Beautifier for code formatting, the ability to run portions of the script live for live deobsfuscation, toolbox classes to handle extra canned functionality, as well as a pretty stable refactoring engine that will parse a script and replace all the screwy random function and variable names with logical sanitized versions for readability.

Tool also supports unescaping/formatting manipulated pdf headers, as well as being able to decode filter chains (multiple filters applied to the same stream object.)

Download incl. full vb6 source



Saturday, 5. November 2011
Duqu Analysis Detection Tool
NSS engineers have developed a scanning tool that can be used to detect all DuQu drivers installed on a system. This tool was developed in the hopes that additional drivers can be discovered to allow us to learn more about the functionality, capabilities and ultimate purpose of DuQu.




Sunday, 18. September 2011
Balaji Plus Cloud Antivirus Scanner
Leo Impact Launch World first Antivirus scanning software which protects your PC from viruses, trojans, spyware, rootkits and other malicious programs (zero day exploits) by using 32+ antivirus on cloud. Most of time you can install and use only 2 to 3 antivirus in one system, not more so virus author bypass top antivirus but Balajiplus is Free service by Leo impact Security for Corporate Social Responsibility to protect your digital life using multiple antivirus scanners on cloud. Collective Intelligence, Balaji Antivirus Plus proprietary cloud-scanning technology that automatically collects and processes millions of malware samples, lies at the core of Balaji Cloud Antivirus. In recent comparative tests conducted by both and, Balaji Antivirus Security's detection and protection scores rank consistently amongst the top security solutions.




Thursday, 15. September 2011
Hook analyser
Hook analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer. The tool can hook to an API in a process and can do following tasks.




Monday, 12. September 2011
Rootkit Hunter
Rootkit scanner is scanning tool to ensure you for about 99.9%* you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:
- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files




Friday, 26. August 2011
Malheur Automatic Malware Analysis - Linux
Malheur is a tool for the automatic analysis of malware behavior (program behavior recorded from malicious software in a sandbox environment). It has been designed to support the regular analysis of malicious software and the development of detection and defense measures. Malheur allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes.





Sunday, 21. August 2011
Origami – Analyze evil pdf - Linux
Origami is a Ruby framework designed to parse, analyze, and forge PDF documents. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and analyze malicious PDF files. As well, it can be used to create on-the-fly customized PDFs, or to inject code into already existing documents.

Origami uses the Mercurial repository that can be accessed with this command:
hg clone origami



Tuesday, 16. August 2011
Online Malware Scanners
PDF Analyzer allows you to view PDF objects as hex/text, also provides PDF dissector and inspector engines and scanning for known exploits.

Sunbelt Sandbox is an approach to automatically analyze malware which is based on behavior analysis. Malware samples are executed for a finite time in a simulated environment, where all system calls are closely monitored.

GFI’s sunbelt online sandbox engine.

URLVoid allows users to scan a website address with multiple scanning engines such as Google Diagnostic, McAfee SiteAdvisor, Norton SafeWeb, MyWOT to facilitate the detection of possible dangerous websites.

Symantec’s reputation service Norton Safe Web.

The AVG LinkScanner Drop Zone lets you check the safety of individual web pages you are about to visit, also will examine the web page in real time to see whether it’s hiding any suspicious downloads.

Wepawet is a service for detecting and analyzing web-based malware. It currently handles Flash, JavaScript, and PDF files.

Joebox Sandbox.

With VirusTotal, send a file and see the detection according the AV vendors.

Novirusthanks is a ree service that allows users to upload and scan a file with multiple Antivirus engines. Users can also analyze a website url or a remote file with the option Scan Web Address.

Jotti’s malware scan is a free online service that enables you to scan suspicious files with several anti-virus programs. Scanners used are Linux versions; detection differences with Windows versions of the same scanners may occur due to implementation differences. There is a 20MB limit per file. Keep in mind that no security solution offers 100% protection, not even when it uses several anti-virus engines (for example, this scan service).

Anubis is a service for analyzing malware.

Comodo’s online file analysis tool.

McAfee SiteAdvisor test websites for spyware, spam and scams so you can search, surf and shop more safely.

Ether provides Malware Analysis via Hardware Virtualization Extensions.

ThreatExpert is an advanced automated threat analysis system designed to analyze and report the behavior of computer viruses, worms, trojans, adware, spyware, and other security-related risks in a fully automated mode.

IPVoid allows users to scan an IP Address with multiple scanning services to facilitate the detection of IP Addresses that have committed malicious activity and to check if a website is hosted in a compromised server, used for spam, phishing or to host malicious content.

Netscty’s malware analysis sandbox tool performs cutting edge analysis of the potentially malicious file in our controlled environment. Our free online malicious software (malware) analysis tool provides a fast comprehensive evaluation of a variety of malware such as botnet software, viruses, spyware, trojans, and keyloggers.

JSUnpack Online – Online version of the stand-alone tool jsunpack.

CWSandbox is online service that runs file you submit through automated sandbox analysis.

Upload files that you suspect are malicious or infected by malicious components for instant analysis by Norman SandBox.



Tuesday, 9. August 2011
YARA v1.6
YARA is a tool aimed at helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families based on textual or binary patterns contained on samples of those families. Each description consists of a set of strings and a Boolean expression which determines its logic. Let's see an example:




Wednesday, 3. August 2011
Fetures of websitedefender

Detect Malware present on your website
Audit your web site for security issues
Avoid getting blacklisted by Google
Keep your web site content & data safe
Get alerted to suspicious hacker activity
Secures against malware and hackers
Keeps your customers data safe
Avoid being blacklisted by Google
Provides WordPress security

Click here to register or know more on WebsiteDefender.