// artifact family

malware analysis

35 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.

tools: 35
catalog slugs: 35
processing: local · in browser

tools in this family

ordered as in the forensics catalog. every tool runs locally — no upload, no account.

  1. pe analyzer: drop a Windows executable · parse PE headers · sections · imports · exports · entropy per section · detect packers · imphash · runs locally
  2. packed pe analyzer: drop a windows pe exe or dll · detect packers · section entropy · import table analysis · overlay data · pe header anomalies · runs locally
  3. cobalt strike config extractor: drop beacon binary · xor keys 0x69 0x2e 0x00 · tlv config settings 1-70 · c2 sleep watermark flags · export json csv · runs locally
  4. go symbol extractor: drop elf pe mach-o · gopclntab magic · function names · go.buildinfo module · offensive package flags · csv export · runs locally
  5. rust binary heuristics: drop binary · rust confidence score · panic strings · crate paths · offensive crate flags · csv export · runs locally
  6. pe static analyzer: drop any .exe · .dll · .sys · parse PE headers · import table · suspicious API categories · section entropy · packer fingerprint · anomaly detection · export report · runs locally
  7. pe import reconstructor: drop a packed or dumped pe · reconstruct iat · resolve api hashes · identify dynamically loaded functions · rebuild import table · runs locally
  8. elf analyzer: drop a Linux binary · parse ELF headers · sections · dynamic symbols · dependencies · section entropy · detect suspicious attributes · runs locally
  9. macro extractor: drop a .doc · .xls · .ppt file · decompress and display embedded VBA macros · detect suspicious patterns · runs locally
  10. office macro extractor: drop .doc · .xls · .docm · .xlsm · extract raw VBA macro source · flag Shell · CreateObject · WScript · URLDownloadToFile · suspicious API calls · export · runs locally
  11. office macro analyzer: drop doc · xls · ppt · docm · xlsm · pptm · extract vba macros · flag dangerous apis · detect obfuscation · malware analysis · runs locally
  12. ransom note analyzer: paste or drop ransom notes · 55+ family fingerprints · crypto addresses · onion urls · emails · nomoreransom hints · highlighted text · runs locally
  13. ransomware family identifier: drop encrypted file samples · ransom notes · iocs · fingerprint against 200+ families · output family name · known decryptors · nomoreransom hints · extension patterns · c2 patterns · runs locally
  14. credential harvesting tool artifact detector: drop prefetch csv · appcompat csv · evtx csv · file listing · detect mimikatz · lazagne · rubeus · certipy · impacket and 40+ credential tools from their artifacts · runs locally
  15. fileless malware artifact extractor: drop memory dump strings output · evtx csv · registry exports · extract process-injected code indicators · identify fileless payload artifacts · powershell fileless patterns · wmi fileless persistence · runs locally
  16. excel formula extractor: xlsx xlsm zip xml · legacy xls biff · dde webservice hyperlinks externals · hidden sheets · severity tags · csv export · runs locally
  17. imphash calculator: drop a PE file · compute Mandiant-style import hash · list all imports · compare with known samples · runs locally
  18. shellcode analyzer: hex base64 binary shellcode · x86 x64 disassembly · peb stack strings · nop sled · xor stub · iocs · runs locally
  19. shellcode detector: drop any binary · detect shellcode patterns · GetPC stubs · NOP sleds · XOR decoder loops · SHIKATA GA NAI · API hash lookups · dense opcode regions · runs locally
  20. yara scanner: write YARA-like rules · scan any file locally · string and byte pattern matching · condition logic · export match report · runs locally
  21. yara rule scanner: write YARA rules or use 50+ built-in rules · drop any binary to scan · condition matching · string search · hex patterns · offset anchors · export matches · runs locally
  22. string ioc correlator: paste string output or drop binary · match against 300+ known malware family signatures · C2 patterns · mutex names · registry keys · user-agents · export matches · runs locally
  23. multi-layer archive extractor: recursively unpack nested archives · ZIP inside ZIP · archive inside image · detect polyglot containers · extract innermost payloads · download all · runs locally
  24. multi-layer encoding recursive unwrapper: drop any file or paste text · automatically detect and unwrap stacked encoding layers · base64 inside gzip inside hex inside url encoding · recursive up to 20 layers · track decode chain · reveal final payload · runs locally
  25. string splitting and concatenation obfuscation detector: drop script files or binary strings output · detect string splitting concatenation obfuscation · reconstruct obfuscated strings · extract iocs · runs locally
  26. document embedded object extractor: drop DOCX · XLSX · PDF · extract embedded OLE objects · images · linked files · hidden streams · download all found objects · runs locally
  27. fuzzy hash calculator: drop files · compute ssdeep and tlsh · compare similarity · find malware variants · runs locally
  28. file dna structural fingerprinter: drop any files · structural fingerprint beyond hash · near-duplicate clusters · ssdeep tlsh section string layers · runs locally
  29. binary structural similarity scorer: drop two or more binaries · structural and syntactic similarity · malware variant families · shared imports and strings · runs locally
  30. environmental keying and sandbox evasion detector: drop pe binaries or shellcode · vm detection · sleep evasion · anti-debug · domain and user checks · runs locally
  31. dotnet assembly inspector: drop .exe/.dll · PE CLR header · BSJB metadata · typedef methoddef assemblyref · flag P/Invoke APIs · csv · runs locally
  32. pyc inspector: drop .pyc · magic python version · marshal code object · disassemble opcodes · flag exec eval subprocess · csv · runs locally
  33. serialized object forensic analyzer: drop java serialized streams · python pickle · dotnet binaryformatter · php serialized strings · extract class names · detect gadget chains · runs locally
  34. binary development environment fingerprinter: drop compiled binaries · extract compiler version · ide · sdk · linker · pdb paths · build profile of developer workstation · runs locally
  35. source code style forensic fingerprinter: drop source code or decompiled text · analyze indentation · naming · comments · apis · stylometric fingerprint · compare authorship · runs locally