https://github.com/jpcertcc/impfuzzy
Fuzzy Hash calculated from import API of PE files
clustering impfuzzy malware neo4j python security volatility
Last synced: 5 months ago
- Host: GitHub
- URL: https://github.com/jpcertcc/impfuzzy
- Owner: JPCERTCC
- License: gpl-2.0
- Created: 2017-09-06T03:11:23.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2022-08-26T08:00:05.000Z (over 3 years ago)
- Last Synced: 2025-09-01T23:39:42.134Z (5 months ago)
- Topics: clustering, impfuzzy, malware, neo4j, python, security, volatility
- Language: Python
- Size: 317 KB
- Stars: 90
- Watchers: 12
- Forks: 18
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# impfuzzy
impfuzzy is a fuzzy hash calculated from the import APIs of PE files.
## pyimpfuzzy
Python module for comparing impfuzzy hashes
More details are described in the following documents:
https://www.jpcert.or.jp/magazine/acreport-impfuzzy.html (Japanese)
http://blog.jpcert.or.jp/2016/05/classifying-mal-a988.html (English)
## pyimpfuzzy-windows
Python module for comparing impfuzzy hashes on Windows
## impfuzzy for Volatility
Volatility plugin for comparing impfuzzy and imphash values
More details are described in the following documents:
https://www.jpcert.or.jp/magazine/acreport-impfuzzy_volatility.html (Japanese)
http://blog.jpcert.or.jp/2016/12/a-new-tool-to-d-d6bc.html (English)
## impfuzzy for Volatility3
Volatility3 plugin for comparing impfuzzy / imphash / ssdeep values
## impfuzzy for Neo4j
Python script for clustering malware based on fuzzy hashes and importing/visualizing the result using Neo4j
More details are described in the following documents:
https://www.jpcert.or.jp/magazine/acreport-impfuzzy_neo4.html (Japanese)
http://blog.jpcert.or.jp/2017/03/malware-clustering-using-impfuzzy-and-network-analysis---impfuzzy-for-neo4j-.html (English)
## Other Tools or Frameworks
[MISP](http://www.misp-project.org): Malware Information Sharing Platform and Threat Sharing
[CRITs](https://crits.github.io): Collaborative Research Into Threats
[MultiScanner](http://multiscanner.readthedocs.io/en/latest/): File Analysis Framework
[ViruSign](https://www.virusign.com): Malware Research & Data Center, Virus Free Downloads