VolatilityBot : an automated memory analyzer for malware samples and memory dumps

Cutting out the manual tasks in the first steps of memory analysis

When you study new malware or wish to analyse suspicious executables you need to to extract the binary file and all the different injections and strings decrypted during the malware’s execution.

VolatilityBot cuts out all the manual tasks in the first steps of memory analysis: performs an automated analysis of memory dumps, using heuristics and YARA/Clam AV Scanners, automatically performs the binary extraction and fetches all new processes created in memory, code injections, strings, IP addresses.

Current features

  • Automated analaysis of malware samples (Based on diff-ing between clean memory image and infected one )
  • Extraction of injected code
  • Dump of new processes
  • Yara scan, static analysis, string extraction, etc. on all outputs
  • Automated heuristic analysis of memory dumps
  • Detect anomallies using heuristics and dump the relevant code
  • Yara scan, static analysis, string extraction, etc. on all outputs

More information and downloads

https://github.com/mkorman90/VolatilityBot

Comments