CodexGigas: Malware profiling search engine

CodexGigas is a free malware profiling search engine powered by Deloitte Argentina, which allows malware analysts to explore malware internals and perform searches over a large number of file characteristics.

malware profiling

Instead of relying of file-level hashes, users can compute hashes over features such as imported functions, strings, constants, file segments, code regions, or everything that is defined in the file type specification. This provides more than 142 possible searchable patterns that can be combined.

malware profiling

When it comes to development challenges, the authors tried to gather a massive amount of malware in order to test the software. “We currently have about 25 million samples, that’s 15 TB of malware. Turns out that amount of data is not as easy to manage as we thought. When processing data, for every extra millisecond it takes to process a sample on average, it takes seven hours to process the whole database,” Luciano Martins, CodexGigas developer, told Help Net Security.

You can check for updates on the CodexGigas Twitter profile.

If you’re interested in malware research, I suggest you take a look at Pestudio, a free tool that allows you to perform an initial assessment of a malware without even infecting a system or studying its code.

Share this