Index
A
access (bindings.CodeReference attribute)
action (bindings.bindings.InstructionOperand attribute)
ADD (bindings.bindings.Instruction.Type attribute)
address (bindings.BasicBlock attribute)
(bindings.BasicBlockEdge attribute)
(bindings.FoundString attribute)
(bindings.Function attribute)
(bindings.Instruction attribute)
(bindings.References attribute)
(bindings.Region attribute)
(bindings.StructAccess attribute)
(bindings.SubFile attribute)
(bindings.Symbol attribute)
all (bindings.Signatures attribute)
Analysis (class in bindings)
AND (bindings.bindings.Instruction.Type attribute)
anomalies (bindings.Analysis attribute)
Anomalies (class in bindings)
Anomalies.__contains__() (in module bindings)
Anomalies.__getattr__() (in module bindings)
Anomalies.__getitem__() (in module bindings)
Anomalies.__iter__() (in module bindings)
Anomaly (class in bindings)
architecture (bindings.Analysis attribute)
ARCHIVE (bindings.bindings.FileType.Category attribute)
args (bindings.Function attribute)
ASCII (bindings.bindings.FoundString.Encoding attribute)
asm (bindings.Analysis attribute)
Asm (class in bindings)
Asm.__getitem__() (in module bindings)
,
[1]
Asm.align() (in module bindings)
Asm.size() (in module bindings)
ASSIGN (bindings.bindings.Instruction.Type attribute)
AU3 (bindings.bindings.FileType.Architecture attribute)
B
base (bindings.MappingAnnotation attribute)
BasicBlock (class in bindings)
BasicBlock.__contains__() (in module bindings)
BasicBlock.__len__() (in module bindings)
BasicBlockEdge (class in bindings)
BIFF (bindings.bindings.FileType.Architecture attribute)
BINARY (bindings.bindings.FoundString.Encoding attribute)
bindings
module
bindings.Anomaly.Level (class in bindings)
bindings.BasicBlockEdge.Type (class in bindings)
bindings.FileType.Architecture (class in bindings)
bindings.FileType.Category (class in bindings)
bindings.FoundString.Encoding (class in bindings)
bindings.FoundString.Type (class in bindings)
bindings.Instruction.Type (class in bindings)
bindings.InstructionOperand (class in bindings)
bindings.InstructionOperand.Action (class in bindings)
bindings.InstructionOperand.Type (class in bindings)
bindings.References.Type (class in bindings)
bindings.ScanRule.Type (class in bindings)
bindings.Symbol.Type (class in bindings)
bindings.UI (built-in class)
bindings.UI.idle()
built-in function
bindings.UI.msgbox()
built-in function
bindings.UI.open_after()
built-in function
bindings.UI.print()
built-in function
bindings.UI.progress()
built-in function
bindings.VirtualFile (class in bindings)
built-in function
bindings.UI.idle()
bindings.UI.msgbox()
bindings.UI.open_after()
bindings.UI.print()
bindings.UI.progress()
bytes (bindings.FoundString attribute)
(bindings.StructAccess attribute)
C
CALL (bindings.bindings.BasicBlockEdge.Type attribute)
(bindings.bindings.Instruction.Type attribute)
carved (bindings.Analysis attribute)
CAST (bindings.bindings.Instruction.Type attribute)
category (bindings.Analysis attribute)
(bindings.Anomaly attribute)
(bindings.ScanRule attribute)
(bindings.SubFile attribute)
cfg (bindings.Analysis attribute)
CFG (class in bindings)
CFG.__getitem__() (in module bindings)
,
[1]
CFG.__iter__() (in module bindings)
CFG.__len__() (in module bindings)
CFG.align() (in module bindings)
CFG.find() (in module bindings)
CFG.find_backward() (in module bindings)
CFG.find_forward() (in module bindings)
CJUMP (bindings.bindings.Instruction.Type attribute)
CMP (bindings.bindings.Instruction.Type attribute)
code (bindings.BasicBlock attribute)
CODE (bindings.bindings.References.Type attribute)
CodeReference (class in bindings)
comment (bindings.Anomaly attribute)
conditional (bindings.BasicBlockEdge attribute)
CONSTANT (bindings.bindings.InstructionOperand.Type attribute)
count (bindings.References attribute)
(bindings.StructAccess attribute)
crc32 (bindings.Entropy attribute)
CrossReferences (class in bindings)
CrossReferences.__contains__() (in module bindings)
CrossReferences.__getitem__() (in module bindings)
,
[1]
CrossReferences.__iter__() (in module bindings)
CrossReferences.__len__() (in module bindings)
CrossReferences.find() (in module bindings)
CrossReferences.find_backward() (in module bindings)
CrossReferences.find_forward() (in module bindings)
D
data (bindings.BasicBlock attribute)
DATA (bindings.bindings.References.Type attribute)
description (bindings.ScanRule attribute)
DIV (bindings.bindings.Instruction.Type attribute)
DOCUMENT (bindings.bindings.FileType.Category attribute)
DOTNET (bindings.bindings.FileType.Architecture attribute)
DYNAMIC (bindings.bindings.FoundString.Type attribute)
E
encoding (bindings.FoundString attribute)
end (bindings.BasicBlock attribute)
(bindings.Function attribute)
(bindings.Instruction attribute)
(bindings.MappingAnnotation attribute)
(bindings.Region attribute)
(bindings.SubFile attribute)
entropy (bindings.Analysis attribute)
(bindings.FoundString attribute)
Entropy (class in bindings)
Entropy.__getitem__() (in module bindings)
entry (bindings.BasicBlock attribute)
ENTRY (bindings.bindings.Symbol.Type attribute)
enum (bindings.StructAccess attribute)
ERROR (bindings.bindings.Anomaly.Level attribute)
EXCEPTION (bindings.bindings.BasicBlockEdge.Type attribute)
exec (bindings.CodeReference attribute)
(bindings.Region attribute)
exotic (bindings.BasicBlock attribute)
EXPORT (bindings.bindings.Symbol.Type attribute)
F
FAULTY (bindings.bindings.Instruction.Type attribute)
file (bindings.Analysis attribute)
File (class in bindings)
File.__getitem__() (in module bindings)
,
[1]
File.__len__() (in module bindings)
File.__setitem__() (in module bindings)
,
[1]
File.read() (in module bindings)
File.read_cstring_ascii() (in module bindings)
File.read_cstring_utf16be() (in module bindings)
File.read_cstring_utf16le() (in module bindings)
File.read_cstring_utf8() (in module bindings)
File.search() (in module bindings)
File.search_all() (in module bindings)
File.write() (in module bindings)
files (bindings.Analysis attribute)
FileStructure (class in bindings)
FileStructure.__contains__() (in module bindings)
FileStructure.__getattr__() (in module bindings)
FileStructure.__getitem__() (in module bindings)
,
[1]
FileStructure.__iter__() (in module bindings)
FileStructure.__len__() (in module bindings)
FileStructure.at() (in module bindings)
FileStructure.find() (in module bindings)
FileStructure.find_backward() (in module bindings)
FileStructure.find_forward() (in module bindings)
FILESYSTEM (bindings.bindings.FileType.Category attribute)
filetype (bindings.bindings.VirtualFile property)
fns (bindings.Analysis attribute)
FoundString (class in bindings)
FoundString.__len__() (in module bindings)
FoundString.__repr__() (in module bindings)
FPU (bindings.bindings.Instruction.Type attribute)
fullname (bindings.Function attribute)
FUNCTION (bindings.bindings.Symbol.Type attribute)
Function (class in bindings)
Function.__contains__() (in module bindings)
Function.__len__() (in module bindings)
FunctionParameter (class in bindings)
Functions (class in bindings)
Functions.__contains__() (in module bindings)
,
[1]
Functions.__getitem__() (in module bindings)
,
[1]
,
[2]
Functions.__iter__() (in module bindings)
Functions.__len__() (in module bindings)
Functions.find() (in module bindings)
Functions.find_backward() (in module bindings)
Functions.find_forward() (in module bindings)
G
GLOBAL (bindings.bindings.InstructionOperand.Type attribute)
gui (built-in variable)
I
id (bindings.ScanPattern attribute)
(bindings.ScanRule attribute)
IMAGE (bindings.bindings.FileType.Category attribute)
imagebase (bindings.Analysis attribute)
IMPORT (bindings.bindings.Symbol.Type attribute)
incoming (bindings.BasicBlock attribute)
indirect (bindings.CodeReference attribute)
INFO (bindings.bindings.ScanRule.Type attribute)
Instruction (class in bindings)
Instruction.__getitem__() (in module bindings)
Instruction.__iter__() (in module bindings)
Instruction.__len__() (in module bindings)
Instruction.__repr__() (in module bindings)
INVALID (bindings.bindings.Instruction.Type attribute)
J
JUMP (bindings.bindings.BasicBlockEdge.Type attribute)
(bindings.bindings.Instruction.Type attribute)
L
LABEL (bindings.bindings.Symbol.Type attribute)
level (bindings.Anomaly attribute)
LOCAL (bindings.bindings.InstructionOperand.Type attribute)
locations (bindings.Anomaly attribute)
loops (bindings.Analysis attribute)
Loops (class in bindings)
LSHIFT (bindings.bindings.Instruction.Type attribute)
M
malcat (built-in variable)
malcat.anomalies (built-in variable)
malcat.asm (built-in variable)
malcat.carved (built-in variable)
malcat.cfg (built-in variable)
malcat.entropy (built-in variable)
malcat.file (built-in variable)
malcat.fns (built-in variable)
malcat.loops (built-in variable)
malcat.map (in module bindings)
malcat.sigs (built-in variable)
malcat.strings (built-in variable)
malcat.struct (built-in variable)
malcat.syms (built-in variable)
malcat.xref (built-in variable)
MALWARE (bindings.bindings.ScanRule.Type attribute)
map (bindings.Analysis attribute)
MappingAnnotation (class in bindings)
MappingAnnotation.__contains__() (in module bindings)
MappingAnnotation.__getitem__() (in module bindings)
,
[1]
MappingAnnotation.__iter__() (in module bindings)
MappingAnnotation.a2p() (in module bindings)
MappingAnnotation.a2r() (in module bindings)
MappingAnnotation.a2v() (in module bindings)
MappingAnnotation.from_phys() (in module bindings)
MappingAnnotation.from_rva() (in module bindings)
MappingAnnotation.from_virt() (in module bindings)
MappingAnnotation.get_region() (in module bindings)
MappingAnnotation.p2a() (in module bindings)
MappingAnnotation.r2a() (in module bindings)
MappingAnnotation.to_phys() (in module bindings)
MappingAnnotation.to_rva() (in module bindings)
MappingAnnotation.to_virt() (in module bindings)
MappingAnnotation.v2a() (in module bindings)
matches (bindings.ScanPattern attribute)
matching (bindings.ScanRule attribute)
(bindings.Signatures attribute)
md5 (bindings.Entropy attribute)
META (bindings.bindings.FoundString.Type attribute)
metadata (bindings.Analysis attribute)
MMX (bindings.bindings.Instruction.Type attribute)
mnemonic (bindings.Instruction attribute)
module
bindings
module (bindings.Function attribute)
MUL (bindings.bindings.Instruction.Type attribute)
N
name (bindings.Anomaly attribute)
(bindings.File attribute)
(bindings.Function attribute)
(bindings.FunctionParameter attribute)
(bindings.Region attribute)
(bindings.ScanRule attribute)
(bindings.StructAccess attribute)
(bindings.SubFile attribute)
(bindings.Symbol attribute)
NONE (bindings.bindings.FileType.Architecture attribute)
(bindings.bindings.InstructionOperand.Action attribute)
NOP (bindings.bindings.Instruction.Type attribute)
num_add (bindings.Function attribute)
num_and (bindings.Function attribute)
num_assign (bindings.Function attribute)
num_bb (bindings.Function attribute)
num_bb_code (bindings.Function attribute)
num_bb_data (bindings.Function attribute)
num_call (bindings.Function attribute)
num_cast (bindings.Function attribute)
num_cjump (bindings.Function attribute)
num_cmp (bindings.Function attribute)
num_div (bindings.Function attribute)
num_faulty (bindings.Function attribute)
num_fpu (bindings.Function attribute)
num_instructions (bindings.Function attribute)
num_intra_jumps (bindings.Function attribute)
num_invalid (bindings.Function attribute)
num_jump (bindings.Function attribute)
num_lshift (bindings.Function attribute)
num_mmx (bindings.Function attribute)
num_mul (bindings.Function attribute)
num_nop (bindings.Function attribute)
num_or (bindings.Function attribute)
num_other (bindings.Function attribute)
num_pop (bindings.Function attribute)
num_push (bindings.Function attribute)
num_return (bindings.Function attribute)
num_rshift (bindings.Function attribute)
num_stack (bindings.Function attribute)
num_sub (bindings.Function attribute)
num_xor (bindings.Function attribute)
num_xrefs (bindings.FoundString attribute)
number_of_entrypoints (bindings.Symbols attribute)
number_of_exports (bindings.Symbols attribute)
number_of_functions (bindings.Symbols attribute)
number_of_imports (bindings.Symbols attribute)
number_of_labels (bindings.Symbols attribute)
number_of_typedefs (bindings.Symbols attribute)
number_of_variables (bindings.Symbols attribute)
O
OBJECT (bindings.bindings.InstructionOperand.Type attribute)
ODD (bindings.bindings.Anomaly.Level attribute)
offset (bindings.StructAccess attribute)
OR (bindings.bindings.Instruction.Type attribute)
OTHER (bindings.bindings.Instruction.Type attribute)
outgoing (bindings.BasicBlock attribute)
P
path (bindings.bindings.VirtualFile property)
(bindings.File attribute)
patterns (bindings.ScanRule attribute)
PCODE (bindings.bindings.FileType.Architecture attribute)
phys (bindings.Region attribute)
phys_size (bindings.Region attribute)
POP (bindings.bindings.Instruction.Type attribute)
PROGRAM (bindings.bindings.FileType.Category attribute)
PUSH (bindings.bindings.Instruction.Type attribute)
PY310 (bindings.bindings.FileType.Architecture attribute)
PY36 (bindings.bindings.FileType.Architecture attribute)
PY37 (bindings.bindings.FileType.Architecture attribute)
PY38 (bindings.bindings.FileType.Architecture attribute)
PY39 (bindings.bindings.FileType.Architecture attribute)
R
R (bindings.bindings.InstructionOperand.Action attribute)
read (bindings.Region attribute)
References (class in bindings)
References.__iter__() (in module bindings)
References.__len__() (in module bindings)
Region (class in bindings)
Region.__len__() (in module bindings)
regions (bindings.MappingAnnotation attribute)
register (bindings.bindings.InstructionOperand attribute)
REGISTER (bindings.bindings.InstructionOperand.Type attribute)
reliability (bindings.ScanRule attribute)
RETURN (bindings.bindings.Instruction.Type attribute)
RSHIFT (bindings.bindings.Instruction.Type attribute)
RW (bindings.bindings.InstructionOperand.Action attribute)
S
SCANNED (bindings.bindings.FoundString.Type attribute)
ScanPattern (class in bindings)
ScanRule (class in bindings)
ScanRule.__len__() (in module bindings)
score (bindings.FoundString attribute)
sha1 (bindings.Entropy attribute)
sha256 (bindings.Entropy attribute)
Signatures (class in bindings)
Signatures.__contains__() (in module bindings)
Signatures.__getitem__() (in module bindings)
Signatures.__iter__() (in module bindings)
Signatures.__len__() (in module bindings)
sigs (bindings.Analysis attribute)
size (bindings.BasicBlock attribute)
(bindings.bindings.VirtualFile property)
(bindings.File attribute)
(bindings.FoundString attribute)
(bindings.Function attribute)
(bindings.FunctionParameter attribute)
(bindings.Instruction attribute)
(bindings.Region attribute)
(bindings.StructAccess attribute)
(bindings.SubFile attribute)
size_code (bindings.Function attribute)
size_data (bindings.Function attribute)
SOUND (bindings.bindings.FileType.Category attribute)
source (bindings.CodeReference attribute)
STACK (bindings.bindings.Instruction.Type attribute)
start (bindings.BasicBlock attribute)
(bindings.Function attribute)
(bindings.Instruction attribute)
(bindings.Region attribute)
(bindings.SubFile attribute)
STEP (bindings.bindings.BasicBlockEdge.Type attribute)
strings (bindings.Analysis attribute)
Strings (class in bindings)
Strings.__contains__() (in module bindings)
,
[1]
Strings.__getitem__() (in module bindings)
,
[1]
,
[2]
Strings.__iter__() (in module bindings)
Strings.__len__() (in module bindings)
Strings.find() (in module bindings)
Strings.find_backward() (in module bindings)
Strings.find_forward() (in module bindings)
struct (bindings.Analysis attribute)
STRUCT (bindings.bindings.References.Type attribute)
StructAccess (class in bindings)
StructAccess.__getattr__() (in module bindings)
StructAccess.__getitem__() (in module bindings)
,
[1]
,
[2]
StructAccess.__iter__() (in module bindings)
StructAccess.__len__() (in module bindings)
StructAccess.at() (in module bindings)
,
[1]
StructAccess.has_enum() (in module bindings)
SUB (bindings.bindings.Instruction.Type attribute)
SubFile (class in bindings)
SubFile.__len__() (in module bindings)
SubFiles (class in bindings)
SubFiles.__contains__() (in module bindings)
SubFiles.__getitem__() (in module bindings)
,
[1]
SubFiles.__iter__() (in module bindings)
SubFiles.__len__() (in module bindings)
SubFiles.find() (in module bindings)
SubFiles.find_backward() (in module bindings)
SubFiles.find_forward() (in module bindings)
SUSPICIOUS (bindings.bindings.ScanRule.Type attribute)
symbol (bindings.bindings.InstructionOperand attribute)
SYMBOL (bindings.bindings.InstructionOperand.Type attribute)
(bindings.bindings.References.Type attribute)
Symbol (class in bindings)
Symbols (class in bindings)
Symbols.__contains__() (in module bindings)
,
[1]
Symbols.__getitem__() (in module bindings)
,
[1]
,
[2]
Symbols.__iter__() (in module bindings)
Symbols.__len__() (in module bindings)
syms (bindings.Analysis attribute)
T
tag (bindings.FoundString attribute)
tags (bindings.ScanRule attribute)
target (bindings.CodeReference attribute)
template_args (bindings.Function attribute)
text (bindings.FoundString attribute)
tlsh (bindings.Entropy attribute)
TOOL (bindings.bindings.ScanRule.Type attribute)
total (bindings.Strings attribute)
total_size (bindings.Functions attribute)
TRACE (bindings.bindings.Anomaly.Level attribute)
type (bindings.Analysis attribute)
(bindings.BasicBlockEdge attribute)
(bindings.bindings.InstructionOperand attribute)
(bindings.FoundString attribute)
(bindings.FunctionParameter attribute)
(bindings.Instruction attribute)
(bindings.ScanRule attribute)
(bindings.SubFile attribute)
(bindings.Symbol attribute)
TYPEDEF (bindings.bindings.Symbol.Type attribute)
U
UNCOMMON (bindings.bindings.ScanRule.Type attribute)
UNKNOWN (bindings.bindings.FileType.Category attribute)
USER (bindings.bindings.FoundString.Type attribute)
UTF16 (bindings.bindings.FoundString.Encoding attribute)
UTF8 (bindings.bindings.FoundString.Encoding attribute)
V
value (bindings.bindings.InstructionOperand attribute)
(bindings.StructAccess attribute)
VARIABLE (bindings.bindings.Symbol.Type attribute)
virt (bindings.Region attribute)
virt_size (bindings.Region attribute)
W
W (bindings.bindings.InstructionOperand.Action attribute)
WARNING (bindings.bindings.Anomaly.Level attribute)
write (bindings.Region attribute)
X
X64 (bindings.bindings.FileType.Architecture attribute)
X86 (bindings.bindings.FileType.Architecture attribute)
XOR (bindings.bindings.Instruction.Type attribute)
xref (bindings.Analysis attribute)