
Static Malware Analysis Orchestrator

One-command static malware-analysis pipeline that turns sample triage into strings, PE imports, unpacking notes, IOC context, and LLM-ready reports.


Demo

Add an 8-15 second GIF showing: sample input -> triage -> strings/imports -> unpacking check -> report output.

What This Is For

A malware analyst runs this when a suspicious binary needs fast static triage before sandboxing or reverse engineering. The pipeline creates structured output that can feed CTI notes or detection engineering.

What It Produces

| Output | Use |
|---|---|
| Triage summary | Analyst first pass |
| Strings | IOC and behavior leads |
| PE imports | Capability review |
| Unpacking notes | Reverse-engineering path |
| LLM-ready report | Structured analysis prompt input |

Quick Start

```bash
git clone https://github.com/anpa1200/Static-malware-Analysis-Orchestrator.git
cd Static-malware-Analysis-Orchestrator
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
python orchestrator.py samples/example.exe --out reports/
```

How It Works

```mermaid
flowchart LR
  Sample[Sample] --> Triage[Triage]
  Triage --> Strings[Strings]
  Triage --> Imports[PE imports]
  Triage --> Unpack[Unpack checks]
  Strings --> Report[LLM-ready report]
  Imports --> Report
  Unpack --> Report
```

Coverage

| Area | Coverage |
|---|---|
| Triage | File metadata and quick characteristics |
| Static analysis | Strings, imports, packer indicators |
| Output | Human report and LLM-ready structure |
| Role | Malware triage, CTI notes, detection seed material |
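The stages in the flowchart above and the rows of the Coverage table, as one minimal worked pipeline in Python. This is an added example, not the project's `orchestrator.py`: the sample bytes are constructed (an `MZ` marker, a few typical strings and a high-entropy tail, not a valid PE), and the API-to-capability map, the packer section-name markers and the 7.0 bits-per-byte entropy threshold are illustrative assumptions, not the project's own heuristics.

```python
"""Minimal static triage pipeline: bytes -> triage -> strings / API leads /
packer indicators -> structured report. Added example, not the project's code."""
import hashlib
import math
import re
from collections import Counter

# Constructed stand-in for a sample. NOT a valid PE: an MZ marker, some
# strings an analyst would expect to see, and a high-entropy tail that
# triggers the packing heuristic.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"This program cannot be run in DOS mode.\r\n"
    + b"kernel32.dll\x00VirtualAlloc\x00WriteProcessMemory\x00CreateRemoteThread\x00"
    + b"http://203.0.113.10/update.bin\x00UPX0\x00UPX1\x00"
    + bytes(range(256)) * 4
)

# Illustrative API-to-capability map (assumption for this example, not a
# complete or authoritative list).
API_CAPABILITIES = {
    "VirtualAlloc": "memory allocation (possible unpacking/injection)",
    "WriteProcessMemory": "process injection",
    "CreateRemoteThread": "process injection",
    "LoadLibraryA": "dynamic API resolution",
    "GetProcAddress": "dynamic API resolution",
    "InternetOpenA": "network (WinINet)",
}
# Section names commonly left behind by packers (illustrative subset).
PACKER_MARKERS = (b"UPX0", b"UPX1", b".aspack", b"MPRESS1", b".themida")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def triage(data: bytes) -> dict:
    """File metadata and quick characteristics."""
    return {
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "mz_header": data[:2] == b"MZ",
    }


def extract_strings(data: bytes, min_len: int = 6) -> list:
    """Printable ASCII runs of at least min_len bytes, like `strings`."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def find_iocs(strings: list) -> dict:
    """URL and IPv4 leads pulled from the extracted strings."""
    urls = sorted({u for s in strings for u in URL_RE.findall(s)})
    ips = sorted({ip for s in strings for ip in IPV4_RE.findall(s)})
    return {"urls": urls, "ipv4": ips}


def capability_leads(strings: list) -> dict:
    """API names seen as strings, mapped to capabilities. A lead only: a name
    in the binary is not proof the import is resolved or called."""
    seen = set(strings)
    return {api: cap for api, cap in API_CAPABILITIES.items() if api in seen}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8.0 suggest compressed/encrypted content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def packer_indicators(data: bytes) -> dict:
    """Unpack check: whole-file entropy plus known packer section names."""
    ent = shannon_entropy(data)
    markers = [m.decode("ascii") for m in PACKER_MARKERS if m in data]
    return {
        "entropy": round(ent, 2),
        "high_entropy": ent > 7.0,  # threshold is an assumption, tune per corpus
        "markers": markers,
        "likely_packed": ent > 7.0 or bool(markers),
    }


def run_pipeline(data: bytes) -> dict:
    """Triage -> strings -> IOCs / capability leads / packing -> report dict."""
    strings = extract_strings(data)
    return {
        "triage": triage(data),
        "strings": strings,
        "iocs": find_iocs(strings),
        "capabilities": capability_leads(strings),
        "packing": packer_indicators(data),
    }


def render_report(report: dict) -> str:
    """One line per stage: compact enough to paste into an analysis prompt."""
    t, p = report["triage"], report["packing"]
    caps = "; ".join(f"{k} -> {v}" for k, v in report["capabilities"].items())
    return "\n".join([
        f"SHA256: {t['sha256']}  size={t['size']}  MZ={t['mz_header']}",
        f"Packing: entropy={p['entropy']} markers={p['markers']} likely_packed={p['likely_packed']}",
        f"Capability leads: {caps or 'none'}",
        f"IOCs: urls={report['iocs']['urls']} ipv4={report['iocs']['ipv4']}",
        f"Strings: {len(report['strings'])} printable runs",
    ])


if __name__ == "__main__":
    print(render_report(run_pipeline(SAMPLE)))
```

Whole-file entropy is a coarse signal: a legitimate binary with a large embedded resource also scores high, and a packer that stores its payload across several sections hides from a single number. Per-section entropy over real PE section headers, together with a tiny import table (often just `LoadLibraryA`/`GetProcAddress`), is the usual next step before handing the sample to a sandbox.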

Limitations And Honesty

Static analysis misses behavior that is packed, staged, dynamically resolved, or environment-aware. Use this as a first pass, not a final malware verdict.

Companion Material

Citation

See CITATION.cff.

License

MIT recommended.

Security Policy

See SECURITY.md.

1200km Ecosystem

This project is part of the 1200km security research ecosystem. Use AdversaryGraph for CTI-to-detection workflows, ATT&CK/ATLAS mapping, actor relevance, IOC enrichment, and analyst-ready reporting.
