impfuzzy
Impfuzzy is a fuzzy hash calculated from the import API of PE files.
pyimpfuzzy
Python module for comparing impfuzzy hashes
More details are described in the following documents:
https://www.jpcert.or.jp/magazine/acreport-impfuzzy.html (Japanese)
http://blog.jpcert.or.jp/2016/05/classifying-mal-a988.html (English)
pyimpfuzzy-windows
Python module for comparing impfuzzy hashes on Windows
impfuzzy for Volatility
Volatility plugin for comparing impfuzzy and imphash values
More details are described in the following documents:
https://www.jpcert.or.jp/magazine/acreport-impfuzzy_volatility.html (Japanese)
http://blog.jpcert.or.jp/2016/12/a-new-tool-to-d-d6bc.html (English)
impfuzzy for Volatility3
Volatility plugin for comparing impfuzzy, imphash, and ssdeep values
impfuzzy for Neo4j
Python script for clustering malware based on fuzzy hashes and importing and visualizing the result using Neo4j
More details are described in the following documents:
https://www.jpcert.or.jp/magazine/acreport-impfuzzy_neo4.html (Japanese)
http://blog.jpcert.or.jp/2017/03/malware-clustering-using-impfuzzy-and-network-analysis---impfuzzy-for-neo4j-.html (English)
Other Tools or Frameworks
MISP: Malware Information Sharing Platform and Threat Sharing
CRITs: Collaborative Research Into Threats
MultiScanner: File Analysis Framework
ViruSign: Malware Research & Data Center, Virus Free Downloads