
https://github.com/enkomio/sojobo

A binary analysis framework

b2r2 dotnet fsharp malware-analysis malware-analyzer malware-research program-analysis reverse-engineering security security-framework security-tools


# Sojobo - A binary analysis framework

_Sojobo_ is an emulator for the B2R2 framework. It was created to ease the analysis of potentially malicious files. It is developed entirely in .NET, so you don't need to install or compile any external libraries (the project is self-contained).

With _Sojobo_ you can:
* Emulate a (32 bit) PE binary
* Inspect the memory of the emulated process
* Read the process state
* Display a disassembly of the executed code
* Emulate functions in a managed language (C# || F#)

### Tools using Sojobo
- ADVDeobfuscator

# ADV Deobfuscator - A string deobfuscator for ADVObfuscator

_ADVDeobfuscator_ is a tool based on the Sojobo binary analysis framework that analyzes a binary obfuscated with ADVObfuscator and decodes the identified strings.

## Download

A compiled version is available to Community sponsored users. If you are a sponsored user you can download the binary from: https://github.com/enkomio-sponsor/compiled_binaries

## Documentation
The image below shows an execution of ADVDeobfuscator on the Conti Ransomware.

The image below shows an execution of ADVDeobfuscator on the Taurus Stealer (see also Predator the thief).

I wrote a blog post on how to deobfuscate the Team 9 binaries.

# Using Sojobo

_Sojobo_ is intended to be used as a framework for building program analysis utilities. Several sample utilities were also created to show how to use the framework effectively.

## Download

- [Source code][1]

## Documentation
The project is fully documented in F# (cit.) :) Joking apart, I plan to write some blog posts related to how to use Sojobo. Below is a list of the current posts:

- Sojobo - Yet another binary analysis framework

You can also read the API documentation.

## Compile

To compile Sojobo you need .NET Core and Visual Studio installed. To compile, just run **build.bat**.

## License

Copyright (C) 2019 Antonio Parata - @s4tan

_Sojobo_ is licensed under the [Creative Commons](LICENSE.md).

[1]: https://github.com/enkomio/sojobo/tree/master/Src