One-command static malware-analysis pipeline that turns sample triage into strings, PE imports, unpacking notes, IOC context, and LLM-ready reports.
Add an 8-15 second GIF showing: sample input -> triage -> strings/imports -> unpacking check -> report output.
A malware analyst runs this when a suspicious binary needs fast static triage before sandboxing or reverse engineering. The pipeline creates structured output that can feed CTI notes or detection engineering.
| Output | Use |
|---|---|
| Triage summary | Analyst first pass |
| Strings | IOC and behavior leads |
| PE imports | Capability review |
| Unpacking notes | Reverse-engineering path |
| LLM-ready report | Structured analysis prompt input |
```bash
git clone https://github.com/anpa1200/Static-malware-Analysis-Orchestrator.git
cd Static-malware-Analysis-Orchestrator
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
python orchestrator.py samples/example.exe --out reports/
```

```mermaid
flowchart LR
    Sample[Sample] --> Triage[Triage]
    Triage --> Strings[Strings]
    Triage --> Imports[PE imports]
    Triage --> Unpack[Unpack checks]
    Strings --> Report[LLM-ready report]
    Imports --> Report
    Unpack --> Report
```
| Area | Coverage |
|---|---|
| Triage | File metadata and quick characteristics |
| Static analysis | Strings, imports, packer indicators |
| Output | Human report and LLM-ready structure |
| Role | Malware triage, CTI notes, detection seed material |
Static analysis misses behavior that is packed, staged, dynamically resolved, or environment-aware. Use this as a first pass, not a final malware verdict.
- AIDebug: https://github.com/anpa1200/AIDebug
- Android-Malware-Analysis: https://github.com/anpa1200/Android-Malware-Analysis
Citation: see CITATION.cff.
License: MIT recommended.
Security policy: see SECURITY.md.
This project is part of the 1200km security research ecosystem. Use AdversaryGraph for CTI-to-detection workflows, ATT&CK/ATLAS mapping, actor relevance, IOC enrichment, and analyst-ready reporting.