Malcat
Topics
Getting started
Usage
Analysis engine (doc in progress)
Scripting
Analysis object (analysis)
File object (analysis.file)
Address mapping (analysis.map)
File structures (analysis.struct)
File entropy (analysis.entropy)
Strings (analysis.strings)
Cross References (analysis.xref)
Disassembly (analysis.asm)
Control Flow Graph (analysis.cfg)
Strongly Connected Components (analysis.loops)
Functions (analysis.fns)
Symbols (analysis.syms)
Cross References (analysis.xref)
Carved files (analysis.carved)
Virtual files (analysis.vfiles)
Yara signatures (analysis.sigs)
Anomalies (analysis.anomalies)
User comments (analysis.comments)
User highlighted regions (analysis.highlights)
Index
Links
Malcat Website
Malcat
Index
Index
A
|
B
|
C
|
D
|
E
|
F
|
G
|
H
|
I
|
J
|
L
|
M
|
N
|
O
|
P
|
R
|
S
|
T
|
U
|
V
|
W
|
X
A
access (malcat.CodeReference attribute)
action (malcat.malcat.InstructionOperand attribute)
ADD (malcat.malcat.Instruction.Type attribute)
address (malcat.BasicBlock attribute)
(malcat.BasicBlockEdge attribute)
(malcat.CarvedFile attribute)
(malcat.FoundString attribute)
(malcat.Function attribute)
(malcat.Instruction attribute)
(malcat.References attribute)
(malcat.Region attribute)
(malcat.StructAccess attribute)
(malcat.Symbol attribute)
(malcat.UndoableOperation attribute)
(malcat.UserComment attribute)
(malcat.UserHighlight attribute)
all (malcat.Signatures attribute)
analysis (built-in variable)
Analysis (class in malcat)
Analysis.a2p() (in module malcat)
Analysis.a2r() (in module malcat)
Analysis.a2v() (in module malcat)
analysis.anomalies (built-in variable)
analysis.asm (built-in variable)
analysis.carved (built-in variable)
analysis.cfg (built-in variable)
analysis.comments (built-in variable)
analysis.entropy (built-in variable)
analysis.file (built-in variable)
analysis.fns (built-in variable)
analysis.highlights (built-in variable)
Analysis.invalidate() (in module malcat)
Analysis.load() (in module malcat)
analysis.loops (built-in variable)
analysis.map (in module malcat)
Analysis.p2a() (in module malcat)
Analysis.ppa() (in module malcat)
Analysis.r2a() (in module malcat)
Analysis.run() (in module malcat)
Analysis.save() (in module malcat)
analysis.sigs (built-in variable)
analysis.strings (built-in variable)
analysis.struct (built-in variable)
analysis.syms (built-in variable)
Analysis.v2a() (in module malcat)
analysis.vfiles (built-in variable)
analysis.xref (built-in variable)
AND (malcat.malcat.Instruction.Type attribute)
Anomalies (class in malcat)
anomalies (malcat.Analysis attribute)
Anomalies.__contains__() (in module malcat)
Anomalies.__getattr__() (in module malcat)
Anomalies.__getitem__() (in module malcat)
Anomalies.__iter__() (in module malcat)
Anomaly (class in malcat)
ANOMALY (malcat.malcat.Category attribute)
Architecture (class in malcat)
architecture (malcat.Analysis attribute)
ARCHIVE (malcat.FileType.Category attribute)
args (malcat.Function attribute)
ASCII (malcat.malcat.FoundString.Encoding attribute)
Asm (class in malcat)
asm (malcat.Analysis attribute)
Asm.__getitem__() (in module malcat)
,
[1]
Asm.align() (in module malcat)
Asm.size() (in module malcat)
ASSIGN (malcat.malcat.Instruction.Type attribute)
AU3 (malcat.Architecture attribute)
B
base (malcat.MappingAnnotation attribute)
BasicBlock (class in malcat)
BasicBlock.__contains__() (in module malcat)
BasicBlock.__len__() (in module malcat)
BasicBlockEdge (class in malcat)
BIFF (malcat.Architecture attribute)
BINARY (malcat.malcat.FoundString.Encoding attribute)
built-in function
malcat.analyse()
,
[1]
,
[2]
malcat.UI.idle()
malcat.UI.msgbox()
malcat.UI.open_after()
malcat.UI.print()
malcat.UI.progress()
bytes (malcat.FoundString attribute)
(malcat.StructAccess attribute)
C
CALL (malcat.malcat.BasicBlockEdge.Type attribute)
(malcat.malcat.Instruction.Type attribute)
carved (malcat.Analysis attribute)
CarvedFile (class in malcat)
CarvedFile.__len__() (in module malcat)
CarvedFiles (class in malcat)
CarvedFiles.__contains__() (in module malcat)
CarvedFiles.__getitem__() (in module malcat)
,
[1]
CarvedFiles.__iter__() (in module malcat)
CarvedFiles.__len__() (in module malcat)
CarvedFiles.find() (in module malcat)
CarvedFiles.find_backward() (in module malcat)
CarvedFiles.find_forward() (in module malcat)
CAST (malcat.malcat.Instruction.Type attribute)
category (malcat.Analysis attribute)
(malcat.Anomaly attribute)
(malcat.CarvedFile attribute)
(malcat.ScanRule attribute)
CFG (class in malcat)
cfg (malcat.Analysis attribute)
CFG.__getitem__() (in module malcat)
,
[1]
CFG.__iter__() (in module malcat)
CFG.__len__() (in module malcat)
CFG.align() (in module malcat)
CFG.find() (in module malcat)
CFG.find_backward() (in module malcat)
CFG.find_forward() (in module malcat)
CJUMP (malcat.malcat.Instruction.Type attribute)
CMP (malcat.malcat.Instruction.Type attribute)
code (malcat.BasicBlock attribute)
CODE (malcat.malcat.Category attribute)
(malcat.malcat.References.Type attribute)
CodeReference (class in malcat)
comment (malcat.Anomaly attribute)
comments (malcat.Analysis attribute)
conditional (malcat.BasicBlockEdge attribute)
CONSTANT (malcat.malcat.InstructionOperand.Type attribute)
content (malcat.UserHighlight attribute)
count (malcat.References attribute)
(malcat.StructAccess attribute)
crc32 (malcat.Entropy attribute)
CrossReferences (class in malcat)
CrossReferences.__contains__() (in module malcat)
CrossReferences.__getitem__() (in module malcat)
,
[1]
CrossReferences.__iter__() (in module malcat)
CrossReferences.__len__() (in module malcat)
CrossReferences.find() (in module malcat)
CrossReferences.find_backward() (in module malcat)
CrossReferences.find_forward() (in module malcat)
D
data (malcat.BasicBlock attribute)
DATA (malcat.malcat.Category attribute)
(malcat.malcat.References.Type attribute)
DEBUG (malcat.malcat.Category attribute)
description (malcat.ScanRule attribute)
DIV (malcat.malcat.Instruction.Type attribute)
DOCUMENT (malcat.FileType.Category attribute)
DOTNET (malcat.Architecture attribute)
DYNAMIC (malcat.malcat.FoundString.Type attribute)
E
encoding (malcat.FoundString attribute)
end (malcat.BasicBlock attribute)
(malcat.CarvedFile attribute)
(malcat.Function attribute)
(malcat.Instruction attribute)
(malcat.MappingAnnotation attribute)
(malcat.Region attribute)
Entropy (class in malcat)
entropy (malcat.Analysis attribute)
(malcat.FoundString attribute)
Entropy.__getitem__() (in module malcat)
entry (malcat.BasicBlock attribute)
ENTRY (malcat.malcat.Symbol.Type attribute)
enum (malcat.StructAccess attribute)
ERROR (malcat.malcat.Anomaly.Level attribute)
EXCEPTION (malcat.malcat.BasicBlockEdge.Type attribute)
exec (malcat.CodeReference attribute)
(malcat.Region attribute)
exotic (malcat.BasicBlock attribute)
EXPORT (malcat.malcat.Symbol.Type attribute)
F
FAULTY (malcat.malcat.Instruction.Type attribute)
File (class in malcat)
file (malcat.Analysis attribute)
File.__getitem__() (in module malcat)
,
[1]
File.__len__() (in module malcat)
File.__setitem__() (in module malcat)
,
[1]
File.read() (in module malcat)
File.read_cstring_ascii() (in module malcat)
File.read_cstring_utf16be() (in module malcat)
File.read_cstring_utf16le() (in module malcat)
File.read_cstring_utf8() (in module malcat)
File.search() (in module malcat)
File.search_all() (in module malcat)
File.write() (in module malcat)
FileStructure (class in malcat)
FileStructure.__contains__() (in module malcat)
FileStructure.__getattr__() (in module malcat)
FileStructure.__getitem__() (in module malcat)
,
[1]
FileStructure.__iter__() (in module malcat)
FileStructure.__len__() (in module malcat)
FileStructure.at() (in module malcat)
FileStructure.find() (in module malcat)
FileStructure.find_backward() (in module malcat)
FileStructure.find_forward() (in module malcat)
FileStructure.force() (in module malcat)
FileStructure.unforce() (in module malcat)
FILESYSTEM (malcat.FileType.Category attribute)
filetype (malcat.malcat.VirtualFile property)
FileType.Category (class in malcat)
FIXUP (malcat.malcat.Category attribute)
fns (malcat.Analysis attribute)
FoundString (class in malcat)
FoundString.__len__() (in module malcat)
FoundString.__repr__() (in module malcat)
FPU (malcat.malcat.Instruction.Type attribute)
fullname (malcat.Function attribute)
Function (class in malcat)
FUNCTION (malcat.malcat.Symbol.Type attribute)
Function.__contains__() (in module malcat)
Function.__len__() (in module malcat)
FunctionParameter (class in malcat)
Functions (class in malcat)
Functions.__contains__() (in module malcat)
,
[1]
Functions.__getitem__() (in module malcat)
,
[1]
,
[2]
Functions.__iter__() (in module malcat)
Functions.__len__() (in module malcat)
Functions.find() (in module malcat)
Functions.find_backward() (in module malcat)
Functions.find_forward() (in module malcat)
Functions.force() (in module malcat)
Functions.unforce() (in module malcat)
G
GLOBAL (malcat.malcat.InstructionOperand.Type attribute)
gui (built-in variable)
H
HEADER (malcat.malcat.Category attribute)
highlights (malcat.Analysis attribute)
history (malcat.Analysis attribute)
I
id (malcat.ScanPattern attribute)
(malcat.ScanRule attribute)
IMAGE (malcat.FileType.Category attribute)
imagebase (malcat.Analysis attribute)
IMPORT (malcat.malcat.Symbol.Type attribute)
incoming (malcat.BasicBlock attribute)
indirect (malcat.CodeReference attribute)
INFO (malcat.malcat.ScanRule.Type attribute)
Instruction (class in malcat)
Instruction.__getitem__() (in module malcat)
Instruction.__iter__() (in module malcat)
Instruction.__len__() (in module malcat)
Instruction.__repr__() (in module malcat)
INVALID (malcat.malcat.Instruction.Type attribute)
is_libraray (malcat.Function attribute)
J
JUMP (malcat.malcat.BasicBlockEdge.Type attribute)
(malcat.malcat.Instruction.Type attribute)
L
LABEL (malcat.malcat.Symbol.Type attribute)
label (malcat.UndoableOperation attribute)
level (malcat.Anomaly attribute)
LOCAL (malcat.malcat.InstructionOperand.Type attribute)
locations (malcat.Anomaly attribute)
Loops (class in malcat)
loops (malcat.Analysis attribute)
LSHIFT (malcat.malcat.Instruction.Type attribute)
M
malcat
module
malcat.analyse()
built-in function
,
[1]
,
[2]
malcat.Anomaly.Level (class in malcat)
malcat.BasicBlockEdge.Type (class in malcat)
malcat.Category (class in malcat)
malcat.FoundString.Encoding (class in malcat)
malcat.FoundString.Type (class in malcat)
malcat.Instruction.Type (class in malcat)
malcat.InstructionOperand (class in malcat)
malcat.InstructionOperand.Action (class in malcat)
malcat.InstructionOperand.Type (class in malcat)
malcat.References.Type (class in malcat)
malcat.ScanRule.Type (class in malcat)
malcat.Symbol.Type (class in malcat)
malcat.UI (built-in class)
malcat.UI.idle()
built-in function
malcat.UI.msgbox()
built-in function
malcat.UI.open_after()
built-in function
malcat.UI.print()
built-in function
malcat.UI.progress()
built-in function
malcat.VirtualFile (class in malcat)
malcat.VirtualFile.unpack() (in module malcat)
MALWARE (malcat.malcat.ScanRule.Type attribute)
map (malcat.Analysis attribute)
MappingAnnotation (class in malcat)
MappingAnnotation.__contains__() (in module malcat)
MappingAnnotation.__getitem__() (in module malcat)
,
[1]
MappingAnnotation.__iter__() (in module malcat)
MappingAnnotation.a2p() (in module malcat)
MappingAnnotation.a2r() (in module malcat)
MappingAnnotation.a2v() (in module malcat)
MappingAnnotation.from_phys() (in module malcat)
MappingAnnotation.from_rva() (in module malcat)
MappingAnnotation.from_virt() (in module malcat)
MappingAnnotation.get_region() (in module malcat)
MappingAnnotation.p2a() (in module malcat)
MappingAnnotation.r2a() (in module malcat)
MappingAnnotation.to_phys() (in module malcat)
MappingAnnotation.to_rva() (in module malcat)
MappingAnnotation.to_virt() (in module malcat)
MappingAnnotation.v2a() (in module malcat)
MATCH (malcat.malcat.Category attribute)
matches (malcat.ScanPattern attribute)
matching (malcat.ScanRule attribute)
(malcat.Signatures attribute)
md5 (malcat.Entropy attribute)
META (malcat.malcat.FoundString.Type attribute)
metadata (malcat.Analysis attribute)
METADATA (malcat.malcat.Category attribute)
MMX (malcat.malcat.Instruction.Type attribute)
mnemonic (malcat.Instruction attribute)
module
malcat
module (malcat.Function attribute)
MUL (malcat.malcat.Instruction.Type attribute)
N
name (malcat.Anomaly attribute)
(malcat.CarvedFile attribute)
(malcat.File attribute)
(malcat.Function attribute)
(malcat.FunctionParameter attribute)
(malcat.Region attribute)
(malcat.ScanRule attribute)
(malcat.StructAccess attribute)
(malcat.Symbol attribute)
NONE (malcat.Architecture attribute)
(malcat.malcat.InstructionOperand.Action attribute)
NOP (malcat.malcat.Instruction.Type attribute)
num_add (malcat.Function attribute)
num_and (malcat.Function attribute)
num_assign (malcat.Function attribute)
num_bb (malcat.Function attribute)
num_bb_code (malcat.Function attribute)
num_bb_data (malcat.Function attribute)
num_call (malcat.Function attribute)
num_cast (malcat.Function attribute)
num_cjump (malcat.Function attribute)
num_cmp (malcat.Function attribute)
num_div (malcat.Function attribute)
num_faulty (malcat.Function attribute)
num_fpu (malcat.Function attribute)
num_instructions (malcat.Function attribute)
num_intra_jumps (malcat.Function attribute)
num_invalid (malcat.Function attribute)
num_jump (malcat.Function attribute)
num_lshift (malcat.Function attribute)
num_mmx (malcat.Function attribute)
num_mul (malcat.Function attribute)
num_nop (malcat.Function attribute)
num_or (malcat.Function attribute)
num_other (malcat.Function attribute)
num_pop (malcat.Function attribute)
num_push (malcat.Function attribute)
num_return (malcat.Function attribute)
num_rshift (malcat.Function attribute)
num_stack (malcat.Function attribute)
num_sub (malcat.Function attribute)
num_xor (malcat.Function attribute)
num_xrefs (malcat.FoundString attribute)
number_of_entrypoints (malcat.Symbols attribute)
number_of_exports (malcat.Symbols attribute)
number_of_functions (malcat.Symbols attribute)
number_of_imports (malcat.Symbols attribute)
number_of_labels (malcat.Symbols attribute)
number_of_typedefs (malcat.Symbols attribute)
number_of_variables (malcat.Symbols attribute)
O
OBJECT (malcat.malcat.InstructionOperand.Type attribute)
ODD (malcat.malcat.Anomaly.Level attribute)
offset (malcat.StructAccess attribute)
OR (malcat.malcat.Instruction.Type attribute)
OTHER (malcat.malcat.Instruction.Type attribute)
outgoing (malcat.BasicBlock attribute)
P
path (malcat.File attribute)
(malcat.malcat.VirtualFile property)
patterns (malcat.ScanRule attribute)
PCODE (malcat.Architecture attribute)
phys (malcat.Region attribute)
phys_size (malcat.Region attribute)
POP (malcat.malcat.Instruction.Type attribute)
PROGRAM (malcat.FileType.Category attribute)
PUSH (malcat.malcat.Instruction.Type attribute)
PY310 (malcat.Architecture attribute)
PY36 (malcat.Architecture attribute)
PY37 (malcat.Architecture attribute)
PY38 (malcat.Architecture attribute)
PY39 (malcat.Architecture attribute)
R
R (malcat.malcat.InstructionOperand.Action attribute)
read (malcat.Region attribute)
REFERENCE (malcat.malcat.Category attribute)
References (class in malcat)
References.__iter__() (in module malcat)
References.__len__() (in module malcat)
Region (class in malcat)
Region.__len__() (in module malcat)
regions (malcat.MappingAnnotation attribute)
register (malcat.malcat.InstructionOperand attribute)
REGISTER (malcat.malcat.InstructionOperand.Type attribute)
reliability (malcat.ScanRule attribute)
RESOURCE (malcat.malcat.Category attribute)
RETURN (malcat.malcat.Instruction.Type attribute)
RSHIFT (malcat.malcat.Instruction.Type attribute)
RW (malcat.malcat.InstructionOperand.Action attribute)
S
SCANNED (malcat.malcat.FoundString.Type attribute)
ScanPattern (class in malcat)
ScanRule (class in malcat)
ScanRule.__len__() (in module malcat)
score (malcat.FoundString attribute)
sha1 (malcat.Entropy attribute)
sha256 (malcat.Entropy attribute)
Signatures (class in malcat)
Signatures.__contains__() (in module malcat)
Signatures.__getitem__() (in module malcat)
Signatures.__iter__() (in module malcat)
Signatures.__len__() (in module malcat)
sigs (malcat.Analysis attribute)
size (malcat.BasicBlock attribute)
(malcat.CarvedFile attribute)
(malcat.File attribute)
(malcat.FoundString attribute)
(malcat.Function attribute)
(malcat.FunctionParameter attribute)
(malcat.Instruction attribute)
(malcat.malcat.VirtualFile property)
(malcat.Region attribute)
(malcat.StructAccess attribute)
(malcat.UndoableOperation attribute)
(malcat.UserHighlight attribute)
size_code (malcat.Function attribute)
size_data (malcat.Function attribute)
SOUND (malcat.FileType.Category attribute)
source (malcat.CodeReference attribute)
STACK (malcat.malcat.Instruction.Type attribute)
start (malcat.BasicBlock attribute)
(malcat.CarvedFile attribute)
(malcat.Function attribute)
(malcat.Instruction attribute)
(malcat.Region attribute)
STEP (malcat.malcat.BasicBlockEdge.Type attribute)
Strings (class in malcat)
strings (malcat.Analysis attribute)
Strings.__contains__() (in module malcat)
,
[1]
Strings.__getitem__() (in module malcat)
,
[1]
,
[2]
Strings.__iter__() (in module malcat)
Strings.__len__() (in module malcat)
Strings.find() (in module malcat)
Strings.find_backward() (in module malcat)
Strings.find_forward() (in module malcat)
struct (malcat.Analysis attribute)
STRUCT (malcat.malcat.References.Type attribute)
StructAccess (class in malcat)
StructAccess.__getattr__() (in module malcat)
StructAccess.__getitem__() (in module malcat)
,
[1]
,
[2]
StructAccess.__iter__() (in module malcat)
StructAccess.__len__() (in module malcat)
StructAccess.at() (in module malcat)
,
[1]
StructAccess.has_enum() (in module malcat)
SUB (malcat.malcat.Instruction.Type attribute)
SUSPICIOUS (malcat.malcat.ScanRule.Type attribute)
Symbol (class in malcat)
symbol (malcat.malcat.InstructionOperand attribute)
SYMBOL (malcat.malcat.InstructionOperand.Type attribute)
(malcat.malcat.References.Type attribute)
Symbols (class in malcat)
Symbols.__contains__() (in module malcat)
,
[1]
Symbols.__delitem__() (in module malcat)
Symbols.__getitem__() (in module malcat)
,
[1]
,
[2]
Symbols.__iter__() (in module malcat)
Symbols.__len__() (in module malcat)
Symbols.__setitem__() (in module malcat)
Symbols.set_label() (in module malcat)
Symbols.unset_label() (in module malcat)
syms (malcat.Analysis attribute)
T
tag (malcat.FoundString attribute)
tags (malcat.ScanRule attribute)
target (malcat.CodeReference attribute)
template_args (malcat.Function attribute)
text (malcat.FoundString attribute)
(malcat.UserComment attribute)
title (malcat.UserHighlight attribute)
tlsh (malcat.Entropy attribute)
TOOL (malcat.malcat.ScanRule.Type attribute)
total (malcat.Strings attribute)
total_size (malcat.Functions attribute)
TRACE (malcat.malcat.Anomaly.Level attribute)
type (malcat.Analysis attribute)
(malcat.BasicBlockEdge attribute)
(malcat.CarvedFile attribute)
(malcat.FoundString attribute)
(malcat.FunctionParameter attribute)
(malcat.Instruction attribute)
(malcat.malcat.InstructionOperand attribute)
(malcat.ScanRule attribute)
(malcat.Symbol attribute)
TYPEDEF (malcat.malcat.Symbol.Type attribute)
U
UNCOMMON (malcat.malcat.ScanRule.Type attribute)
UndoableOperation (class in malcat)
UndoableOperation.__len__() (in module malcat)
UndoableOperation.__repr__() (in module malcat)
UndoRedoManager (class in malcat)
UndoRedoManager.__iter__() (in module malcat)
UndoRedoManager.__len__() (in module malcat)
UndoRedoManager.group() (in module malcat)
UndoRedoManager.record() (in module malcat)
UndoRedoManager.redo() (in module malcat)
UndoRedoManager.undo() (in module malcat)
UndoRedoManager.undo_all() (in module malcat)
UNKNOWN (malcat.FileType.Category attribute)
USER (malcat.malcat.FoundString.Type attribute)
UserComment (class in malcat)
UserComment.__init__() (in module malcat)
UserComment.__repr__() (in module malcat)
UserComments (class in malcat)
UserComments.__contains__() (in module malcat)
UserComments.__delitem__() (in module malcat)
UserComments.__getitem__() (in module malcat)
,
[1]
UserComments.__iter__() (in module malcat)
UserComments.__len__() (in module malcat)
UserComments.__setitem__() (in module malcat)
UserComments.add() (in module malcat)
UserComments.find() (in module malcat)
UserComments.find_backward() (in module malcat)
UserComments.find_forward() (in module malcat)
UserComments.remove() (in module malcat)
UserHighlight (class in malcat)
UserHighlight.__init__() (in module malcat)
UserHighlight.__len__() (in module malcat)
UserHighlight.__repr__() (in module malcat)
UserHighlights (class in malcat)
UserHighlights.__contains__() (in module malcat)
UserHighlights.__delitem__() (in module malcat)
UserHighlights.__getitem__() (in module malcat)
,
[1]
UserHighlights.__iter__() (in module malcat)
UserHighlights.__len__() (in module malcat)
UserHighlights.__setitem__() (in module malcat)
UserHighlights.add() (in module malcat)
UserHighlights.find() (in module malcat)
UserHighlights.find_backward() (in module malcat)
UserHighlights.find_forward() (in module malcat)
UserHighlights.remove() (in module malcat)
UTF16 (malcat.malcat.FoundString.Encoding attribute)
UTF8 (malcat.malcat.FoundString.Encoding attribute)
V
value (malcat.malcat.InstructionOperand attribute)
(malcat.StructAccess attribute)
VARIABLE (malcat.malcat.Symbol.Type attribute)
vfiles (malcat.Analysis attribute)
virt (malcat.Region attribute)
virt_size (malcat.Region attribute)
W
W (malcat.malcat.InstructionOperand.Action attribute)
WARNING (malcat.malcat.Anomaly.Level attribute)
write (malcat.Region attribute)
X
X64 (malcat.Architecture attribute)
X86 (malcat.Architecture attribute)
XOR (malcat.malcat.Instruction.Type attribute)
xref (malcat.Analysis attribute)