Malcat

Malcat is an open-source malware analysis tool that allows users to analyze malicious files, extract payloads, perform static analysis, and gather threat intelligence. It has support for a wide variety of file types including PE files, scripts, documents, and memory dumps.

What is Malcat?

Malcat is an open-source malware analysis toolkit designed to help security researchers and incident responders analyze and extract information from malicious files. It provides a modular framework for analyzing different types of files including Portable Executables (PE), MS Office documents, PDF documents, scripts, and memory dumps.

Key features of Malcat include:

  • Extracting payloads from malware samples such as embedded files, shellcode injections, and more.
  • Performing static analysis on PE files to extract imports, exports, strings, metadata and more.
  • Generating YARA rules based on parts of the analyzed file to aid threat hunting.
  • Identifying and extracting executables like droppers, downloaders, backdoors, etc., packed inside complex malware.
  • Support for analyzing malicious MS Office, PDF and script files.
  • Analyzing process memory dumps for signs of injected code, hollowed processes, etc.

Malcat aims to provide security teams with an easy-to-use toolkit to speed up malware triage, analysis, and information extraction from advanced malware samples. Its modular design allows integrating custom processing modules. Being open-source allows community contributions to expand analysis capabilities over time.

Official Links

Official Website
malcat.fr

The Best Malcat Alternatives

Top Apps like Malcat

HxD, dnSpy, PE Explorer, Ghidra, Ghex, 010 Editor, ImHex, Binary Ninja, Hiew, REDasm, PE-bear, pestudio, radare2, Hexinator, Relyze, PEBrowse64 Professional, HT editor are some alternatives to Malcat.

HxD

HxD is a free and open-source hex editor, disk editor, and memory editor software for Windows. It enables users to view, edit, analyze, modify and export the raw binary data of files or disks at the byte level in either hexadecimal or ASCII formats. Some key features and capabilities of...

dnSpy

dnSpy is an open-source .NET assembly editor, decompiler, and debugger that allows you to edit and debug managed assemblies in .NET applications. Some of the key features of dnSpy include: Assembly editing - dnSpy allows you to add, remove, and modify elements like types, methods, fields, properties, and events in...

PE Explorer

PE Explorer is a feature-rich portable executable (PE) file viewer, editor, analyzer, and debugger for Windows. It enables developers, reverse engineers, and malware analysts to examine the structure and components of EXE, DLL, OCX, SYS, and other PE file formats in great depth. With PE Explorer, you can view and...

Ghidra

Ghidra is a software reverse engineering (SRE) suite of tools developed by the National Security Agency (NSA) of the United States. It was first released at the RSA Conference in March 2019 as an open-source project. Ghidra provides a graphical user interface and a set of analysis tools that allow security...

Ghex

Ghex is a graphical hex editor designed for Linux and other Unix-like operating systems. As a hex editor, it allows users to view and edit the raw binary contents of files in either hexadecimal or ASCII formats. Some key features of Ghex include: Open, view, edit, and save files with...

010 Editor

010 Editor is a powerful hex editor and text editor software used for analyzing and editing binary files. Some key features of 010 Editor include:

  • Hex editor with nibble and bit level editing support
  • Text editor with syntax highlighting for multiple languages
  • File comparisons for finding binary file differences
  • Calculate checksums and hash values like...

ImHex

ImHex is an advanced hex editor, disk editor, and debugger that enables viewing and editing binary files such as executables. It features a modern and intuitive UI providing powerful tools for data analysis and editing aimed towards IT security experts. Key features include: Fast binary editing using hex, decimal, octal...

Binary Ninja

Binary Ninja is a versatile reverse engineering platform used for software analysis, vulnerability research, and reverse code engineering. It provides disassembly, decompilation, graphing, scripting, and other functionality to examine and modify binary programs. Some key features of Binary Ninja include: Supports a wide range of architectures including x86, ARM, MIPS...

Hiew

Hiew is a versatile hex editor, disk editor and memory editor software for 32-bit and 64-bit Windows operating systems. It enables users to view, edit, analyze, modify, copy, and manipulate files, disks, and memory in hexadecimal or ASCII. Some of the key features of Hiew include: Supports editing files of...

REDasm

REDasm is an assembler and disassembler tool aimed at reverse engineering software. It supports disassembling code from platforms like x86, ARM, PowerPC, and MIPS. Some key features of REDasm include:

  • Graphical user interface for easy navigation and analysis of disassembled code
  • Supports analysis of multiple file formats like PE, ELF, Mach-O...

PE-bear

PE-bear is a free, open source portable executable (PE) malware analysis tool for Windows. It performs static analysis on PE files to extract metadata and identify suspicious characteristics that may indicate the file is malicious. Features of PE-bear include:

  • Extracting PE header information like imports, exports, resources, etc.
  • Identifying packing...

Pestudio

Pestudio is a free portable program for Windows that allows users to scan executable files like EXE, DLL, OCX files to detect viruses, malware, adware, spyware, rootkits and other threats. It utilizes the scanning engines and malware databases of over 30 popular antivirus products and online malware scan services to analyze...

radare2

radare2 is an advanced, modular, portable reverse engineering framework. It provides a rich set of tools for analyzing binary files, disassembling code, debugging programs, analyzing malware, and more. Some of the key features of radare2 include:

  • Multi-architecture disassembler supporting many Instruction Set Architectures like x86, ARM, MIPS, PowerPC, and more
  • Native...

Hexinator

Hexinator is a powerful hexadecimal editor and disk editor for Windows. It allows you to view, edit, analyze, validate, and modify hexadecimal data. Some key features of Hexinator include:

  • Supports files of any size
  • Flexible viewing options (bytes, bits, UTF-8, UTF-16)
  • Advanced search and replace
  • Checksum/hash calculations
  • Data inspection and validation
  • File comparison
  • Bookmarking
  • Scripting...

Relyze

Relyze is a comprehensive cybersecurity software platform designed to help organizations continuously validate their security controls and demonstrate compliance. It features:

  • Automated asset discovery to maintain an up-to-date inventory of all IT assets.
  • Ongoing security control assessments based on industry frameworks like NIST, PCI DSS, and HIPAA.
  • Compliance reporting across...

PEBrowse64 Professional

PEBrowse64 Professional is a powerful Windows application designed specifically for inspecting and analyzing portable executable (PE) files such as EXE, DLL, OCX, SYS, DRIVER, FON, and more. It allows you to examine the internal structure, headers, sections, data directories, imports, exports, resources, and other aspects of 32-bit and 64-bit PE...

HT editor

HT editor is a free, open-source HTML editor for Windows. Developed by Wolfgang Steinwender, it is designed to be a lightweight and easy-to-use editor for creating and editing HTML files. Some key features of HT editor include:

  • Syntax highlighting for HTML, CSS, JavaScript and other web languages
  • Code completion and linting...