GitHub: anpa1200/Static-malware-Analysis-Orchestrator
# Static Malware Analysis Orchestrator
One-command static malware-analysis pipeline that turns sample triage into strings, PE imports, unpacking notes, IOC context, and LLM-ready reports.



## Demo
Add an 8-15 second GIF showing: sample input -> triage -> strings/imports -> unpacking check -> report output.
## What This Is For
A malware analyst runs this when a suspicious binary needs fast static triage before sandboxing or reverse engineering. The pipeline creates structured output that can feed CTI notes or detection engineering.
## What It Produces
| Output | Use |
|---|---|
| Triage summary | Analyst first pass |
| Strings | IOC and behavior leads |
| PE imports | Capability review |
| Unpacking notes | Reverse-engineering path |
| LLM-ready report | Structured analysis prompt input |
## Quick Start
```bash
git clone https://github.com/anpa1200/Static-malware-Analysis-Orchestrator.git
cd Static-malware-Analysis-Orchestrator
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
python orchestrator.py samples/example.exe --out reports/
```
## How It Works
```mermaid
flowchart LR
    Sample[Sample] --> Triage[Triage]
    Triage --> Strings[Strings]
    Triage --> Imports[PE imports]
    Triage --> Unpack[Unpack checks]
    Strings --> Report[LLM-ready report]
    Imports --> Report
    Unpack --> Report
```
## Coverage
| Area | Coverage |
|---|---|
| Triage | File metadata and quick characteristics |
| Static analysis | Strings, imports, packer indicators |
| Output | Human report and LLM-ready structure |
| Role | Malware triage, CTI notes, detection seed material |
## Limitations And Honesty
Static analysis misses behavior that is packed, staged, dynamically resolved, or environment-aware. Use this as a first pass, not a final malware verdict.
## Companion Material
- AIDebug: https://github.com/anpa1200/AIDebug
- Android-Malware-Analysis: https://github.com/anpa1200/Android-Malware-Analysis
## Citation
See `CITATION.cff`.
## License
MIT recommended.
## Security Policy
See `SECURITY.md`.