guelfoweb/malware-analysis-static

GitHub: guelfoweb/malware-analysis-static

A Codex skill designed for static malware analysis: through a structured workflow it performs reverse engineering, IOC extraction and infection chain reconstruction without executing the sample.

Stars: 2 | Forks: 0

# Malware Analysis Static SKILL for Codex

## Description

This skill extends OpenAI Codex to perform **static malware analysis** in a structured and repeatable way. It analyzes suspicious files without executing them.

Supported targets include:

* Windows, Linux, macOS binaries
* Android APK files
* Office documents
* Scripts (JavaScript, PowerShell, VBA, etc.)
* Web payloads and source code

It guides Codex through triage, reverse engineering, IOC extraction, and infection chain reconstruction.

## Download

```
curl -O https://raw.githubusercontent.com/guelfoweb/malware-analysis-static/refs/heads/main/SKILL.md
```

## Install in Codex

```
mkdir -p .codex/skills/malware-analysis-static
curl -o .codex/skills/malware-analysis-static/SKILL.md \
  https://raw.githubusercontent.com/guelfoweb/malware-analysis-static/refs/heads/main/SKILL.md
```

No additional configuration is required.

## Requirements

This skill relies on external tools available on the system. Common tools include:

* `file`, `strings`, `sha256sum`
* `yara`, `objdump`, `xxd`
* `python3`
* `7z`, `exiftool`

Advanced analysis may require:

* `jadx`, `apktool`, `aapt2` (Android)
* `radare2`, `Ghidra`, `floss`, `xorsearch` (binaries)
* `oletools`, `oledump.py` (Office files)

The skill automatically detects available tools and uses fallbacks when possible, but results may be limited if key tools are missing.

## Usage

```
Analyze this suspicious file using the malware-analysis-static skill
```

## Invoking the skill

```
$malware-analysis-static
```

## Key features

* Full workflow: triage, reverse engineering, IOC extraction
* Static analysis only (no execution)
* Autonomous step-by-step analysis
* Evidence tracking with `AGENTS.md` and `REPORT.md`
* Tool detection and fallback support
* Real reverse engineering (not just strings)

## Output

* hashes (MD5, SHA1, SHA256)
* file type and architecture
* C2, URLs, IOCs
* infection chain
* obfuscation techniques
* possible malware family
* structured report

## Warning
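The triage stage described above (hashes, file type, strings-derived IOCs, and tool detection with a fallback when a utility such as `file` is absent) can be reproduced in a few dozen lines of plain Python. The following is an added example written for this page; it is not the skill's own code, and the `SAMPLE` bytes, the TEST-NET-3 address `203.0.113.10` and the `update.php` path are constructed values, not indicators from any real sample. It never executes the input; it only reads bytes.

```python
"""Static triage helper (added example): hashes, file type, strings, IOCs, tool detection."""
import hashlib
import re
import shutil
import subprocess

# Magic-byte signatures used as a fallback when the `file` utility is not installed.
MAGIC = [
    (b"MZ", "PE executable (MZ header)"),
    (b"\x7fELF", "ELF executable"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound document (legacy Office)"),
    (b"PK\x03\x04", "ZIP container (APK, OOXML, JAR, ...)"),
    (b"\xcf\xfa\xed\xfe", "Mach-O 64-bit"),
    (b"\xfe\xed\xfa\xce", "Mach-O 32-bit"),
]

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample: an MZ header, the usual DOS stub text, a URL and a command line.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"This program cannot be run in DOS mode.\r\n" + b"\x00" * 16
    + b"http://203.0.113.10/update.php\x00"
    + b"cmd.exe /c powershell -enc\x00" + b"\x00" * 8
)


def compute_hashes(data: bytes) -> dict:
    """MD5, SHA1 and SHA256 of the raw bytes, as reported in the skill's output."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def identify_type(data: bytes, path: str = None) -> str:
    """Prefer the `file` utility when present and a path is given; otherwise use magic bytes."""
    if path and shutil.which("file"):
        out = subprocess.run(["file", "-b", path], capture_output=True, text=True)
        if out.returncode == 0 and out.stdout.strip():
            return out.stdout.strip()
    for magic, label in MAGIC:
        if data.startswith(magic):
            return label
    return "unknown"


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Printable ASCII runs of at least min_len bytes, like the `strings` tool."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.decode("ascii") for m in pattern.findall(data)]


def extract_iocs(strings: list) -> dict:
    """URLs and syntactically valid IPv4 addresses found in the extracted strings."""
    urls, ips = set(), set()
    for s in strings:
        urls.update(URL_RE.findall(s))
        for ip in IPV4_RE.findall(s):
            if all(int(octet) <= 255 for octet in ip.split(".")):
                ips.add(ip)
    return {"urls": sorted(urls), "ips": sorted(ips)}


def detect_tools(candidates=("file", "strings", "yara", "objdump", "xxd", "floss", "radare2")) -> dict:
    """Which of the external tools the skill relies on are present on this host."""
    return {tool: shutil.which(tool) is not None for tool in candidates}


def triage(data: bytes, path: str = None) -> dict:
    """Combine the steps into one triage record; nothing here runs the sample."""
    strings = extract_strings(data)
    return {
        "hashes": compute_hashes(data),
        "file_type": identify_type(data, path),
        "strings": strings,
        "iocs": extract_iocs(strings),
        "tools": detect_tools(),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE), indent=2))
```

Run it as a script to see the record for the constructed sample, or pass `open(path, "rb").read()` and the path to `triage()` for a real file on disk. The `tools` map is what a fallback decision would key on: when `file` is missing the type comes from `MAGIC`, and the same pattern extends to swapping `floss` for the plain `strings` scan.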
Tags: Android APK analysis, C2 communication, Codex skill, DAST, IOC extraction, Office document analysis, PowerShell analysis, SKILL.md, VBA analysis, web payload analysis, binary analysis, cloud security monitoring, cloud security operations, cloud asset inventory, agent, hash computation, fallback mechanism, threat intelligence, tool detection, application security, developer tools, malware analysis, infection chain, digital forensics, file type identification, fileless attacks, source code analysis, script analysis, automated analysis, automation scripts, cross-site scripting, reverse engineering tools, reverse engineering, static analysis