Linux tool written in Python used to automate basic malware analysis

7ORVS/Odissa

Basic Static Analysis Automation

This simple tool automates the information extraction performed during the basic-analysis phase of malware analysis.

The tool is built on the Radare2 reverse-engineering framework and on YARA: Radare2 provides the static information about the binary, and YARA rules detect packers and encryption algorithms.

It also uses the VirusTotal API to scan the binary against security vendors, and runs the malware in the Microsoft Sysinternals Sandbox to automate dynamic analysis and gather more information about the binary's behavior.

Output from the tool:

  • Get static analysis information from Radare2

    • Strings
    • APIs
    • Hashes
    • Sections
    • Resources
    • DLLs
    • General information
    • Exports (if the binary is DLL)
  • Check for packers and cryptos using YARA rules

  • Get all vendors that mark the binary as a malicious file from VirusTotal

  • Get a binary's behavior report from Microsoft Sysinternals Sandbox

Usage:

Open a terminal in the root directory of the tool and run:

python Odissa.py

Notes:

You can collect more information from Radare2 by adding the Radare2 command together with the file name its output should be written to.

You can also hard-code your VirusTotal API key to make the tool easier to use.
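The two extension points above (a Radare2 command paired with an output file name, and the packer check) as an added example written for this README; it is not Odissa's own code. It assumes `r2` is on PATH, that the `iSj` JSON fields are `name`, `size`, `vsize`, `paddr` and `perm`, and it swaps a section-entropy heuristic in for the YARA rules so the check runs offline on the constructed sample at the bottom.

```python
import json
import math
import subprocess
from collections import Counter
from pathlib import Path

# radare2 command -> output file; the trailing "j" asks radare2 for JSON output.
R2_COMMANDS = {
    "iIj": "info.json",      # general information
    "iSj": "sections.json",  # sections
    "iij": "imports.json",   # APIs (imports)
    "ilj": "dlls.json",      # linked libraries
    "iEj": "exports.json",   # exports (meaningful for a DLL)
    "izzj": "strings.json",  # strings from the whole file
}

def collect(binary: str, outdir: str) -> None:
    """Run every command in R2_COMMANDS (-q quits after -c) and save each output."""
    out = Path(outdir)
    out.mkdir(parents=True, exist_ok=True)
    for cmd, fname in R2_COMMANDS.items():
        proc = subprocess.run(["r2", "-q", "-c", cmd, binary],
                              capture_output=True, text=True, check=True)
        (out / fname).write_text(proc.stdout)

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; packed or encrypted data sits near 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def packer_hints(sections_json: str, raw: bytes) -> list:
    """Layout/entropy packer indicators from `iSj` text (assumed fields: name,
    size, vsize, paddr, perm) plus the raw bytes; a stand-in for the YARA step."""
    hints = []
    for s in json.loads(sections_json):
        name, size, vsize, perm = s["name"], s["size"], s["vsize"], s.get("perm", "")
        if size == 0 and vsize > 0:
            hints.append(f"{name}: zero raw size, {vsize} bytes virtual (unpacking target)")
        elif entropy(raw[s["paddr"]:s["paddr"] + size]) > 7.2:
            hints.append(f"{name}: high entropy")
        if "w" in perm and "x" in perm:
            hints.append(f"{name}: writable and executable")
    return hints

# Constructed sample (not a real binary): iSj-style listing plus matching bytes.
SAMPLE_SECTIONS = ('[{"name":"UPX0","size":0,"vsize":65536,"paddr":1024,"perm":"-rwx"},'
                   '{"name":"UPX1","size":256,"vsize":4096,"paddr":1024,"perm":"-rwx"},'
                   '{"name":".rsrc","size":64,"vsize":64,"paddr":1280,"perm":"-r--"}]')
SAMPLE_RAW = bytes(1024) + bytes(range(256)) + b"A" * 64
```

On the sample, `packer_hints(SAMPLE_SECTIONS, SAMPLE_RAW)` flags both UPX sections (empty-on-disk section, high-entropy section, writable+executable) and leaves `.rsrc` alone.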

References/Resources:
