Scripting

Malcat feature powerful python bindings which gives users access to most of the analysis result in a pythonic way. The bindings described below are available for the anomalies (cf. Anomaly scanner), for the summary templates (data/templates) and for scripts (data/scripts) unless specified differently. If you open the Script editor using F8, it will display by default a toy script which will show you some basic usage of the bindings. If you want more advanced examples, look at our bindings for CAPA (data/scripts/capa/features/extractors/malcat.py).

List of available python objects

• Index
• Analysis object (malcat)
• File object (malcat.file)
• File entropy (malcat.entropy)
• Address mapping (malcat.map)
• File structures (malcat.struct)
• Disassembly (malcat.asm)
• Control Flow Graph (malcat.cfg)
• Strongly Connected Components (malcat.loops)
• Functions (malcat.fns)
• Strings (malcat.strings)
• Cross References (malcat.xref)
• Symbols (malcat.syms)
• Carved files (malcat.carved)
• Yara signatures (malcat.sigs)
• Anomalies (malcat.anomalies)