What is Malcat?
Malcat is an open-source malware analysis toolkit designed to help security researchers and incident responders analyze and extract information from malicious files. It provides a modular framework for analyzing different types of files including Portable Executables (PE), MS Office documents, PDF documents, scripts, and memory dumps.
Key features of Malcat include:
- Extracting payloads from malware samples such as embedded files, shellcode injections, and more.
- Performing static analysis on PE files to extract imports, exports, strings, metadata and more.
- Generating YARA rules based on parts of the analyzed file to aid threat hunting.
- Identifying and extracting executables (droppers, downloaders, backdoors, etc.) packed inside complex malware.
- Support for analyzing malicious MS Office, PDF and script files.
- Analyzing process memory dumps for signs of injected code, hollowed processes, etc.
Malcat aims to provide security teams with an easy-to-use toolkit that speeds up malware triage, analysis and information extraction from advanced malware samples. Its modular design allows custom processing modules to be integrated, and being open-source lets the community contribute new analysis capabilities over time.
Some alternatives to Malcat are HxD, dnSpy, PE Explorer, Ghidra, Ghex, 010 Editor, ImHex, Binary Ninja, Hiew, REDasm, PE-bear, pestudio, radare2, Hexinator, Relyze, PEBrowse64 Professional and HT editor.