Malcat

the binary file dissector

Malcat is a feature-rich hexadecimal editor / disassembler for Windows and Linux.
Inspect dozens of binary file formats, dissassemble and decompile different CPU architectures, extract embedded files and scan for Yara signatures or anomalies in a fast and easy-to-use graphical interface.
Don't like what you get? Malcat is also heavily customizable and scriptable using python.

Get it

Highlights

Malcat has been designed for malware analysts, SOC operators, incident responders, CTF players or more generally anyone who needs to inspect unknown binary files on a regular basis. Have a look at its list of features to decide if it's the right tool for you:

Rapid analysis

Because Malcat does not run heavy analyses like VSA or type recovery, it can analyze most files under a second. This makes it the perfect tool for quick inspections or malware triage.

Disasm & decompile

Inspect code for architectures used in malware: x86/x64, .NET, python 2 and 3, VB p-code, NSIS vm, AutoIT and Office macros.
Malcat also embedds the Sleigh decompiler for x86 and x64.

Embedded files

Leveraging its numerous file format parsers, malcat can extract sub-files from archives and identify embedded objects within any file. A very useful feature for incident response and malware analysis.

Smart visualization

Malcat offer numerous view modes to focus on all aspects of the file. Inspect binary structures, naviguate through the CFG or have a higher-level look at the anomalies, you chose. You can also try our new DNA view!

Compare binaries

Compare two files side by side and inspect their structural differences using Meyers algorithm, a powerful diff method which produce human-readable results.

Anomaly scanner

Highlight suspicious patterns using Yara (featuring an embedded editor), Fireeye's Capa scanner or Malcat's own anomaly scanner which leverage the complete analysis of the file for accurate results.

Advanced editing

Patch the file content using the inline structure editor or using python.
Dealing with encrypted/encoded content? Just select the data and chose between dozens of available decryption algorithms.

Known patterns

Malcat recognize and highlight more than 20K standard strings and numerical constants.
You can also scan a corpus of local files against the currently selected pattern.

Extract strings

Malcat features different algorithms (some using the disassembler) to identify all strings inside files.
Strings are then weighted and sorted by score to give you the most pertinent results first.

Scripting engine

It is quite easy to extend malcat or automate file editing by using the powerful python bindings.
The results of all analyses are available from the python side.

Do you want to see malcat in action? Just have a look at our blog section.

Get the software

Malcat is currently in beta phase. It means that while the software has been finished and polished, it has not been tested extensively by its user base. So keep in mind, you may still encounter a few minor bugs. The good news is that during this time, Malcat is 50% off. So don't hesitate to pick one of the three editions of Malcat:

Malcat CE is a free (as in free food) community edition with some limitations
Malcat is the full version of the tool, affordable for hobbyists
Malcat Pro is targeted toward computer infosec professionals. It allows commercial use and comes with support

All version gives you access to unlimited use of the software on Linux and Windows plateforms, and access to one year of updates. If you are not sure if the software can run on your configuration, please test with the free community edition first.

Basic Standard Premium

	Malcat CE	Malcat	Malcat Pro
Unlimited use + 1 year updates	–	~~99€~~ 49€^*	~~239€~~ 119€^*
Updates renewal	–	49€^*	119€^*
Hexadecimal editor
File format parsers Inspect more than 30 binary file formats
Transforms Decrypt/decompress data in-place
Signature scanner Scan for constants + yara signatures
Sub-files extraction Explore archives and embedded files
Scripting Automate analysis or run scripts
Disassemblers Disassemble different CPU architectures	x86/x64 only
Yara editor Interactively construct yara rules	–
Decompiler View source for x86/x64, AutoIT and Office	–
Diff engine Compare binaries using Meyers algorithm	–
Anomaly scanner Quickly identify suspicious files	–
Multi-threaded analysis	–
Command line usage	–	–
Commercial use	–	–
Support	–	–
	Download	Coming soon	Coming soon

*: Additional taxes may be added in some regions and are calculated automatically during checkout by our payment provider.

FAQs

What is the difference between Malcat and Malcat Pro?

The non-pro version of Malcat is targeted towards hobbyists: they will get most features of malcat for a reasonable price. The main limitation is that you are not able to use Malcat in a commercial/professional context. Also in order to keep the price low, no support is available in this version.

What kind of license is offered?

For now, only named licensed are available. If you need machine-bound or flating licenses, please contact us.

Can I purchase via a purchase order or get an invoice?

Purchase orders and invoices are supported for purchases of more than 10 copies of the Pro license. Contact us for more information. We do make exceptions to this if necessary.

Are there student/academic discounts?

There is no sutdent discount at this time, simply because verifying student status would cost too much time. Instead, we offer free 1-year licenses for IT-Security classes. Just ask your professor to contact us with a copy of your class curriculum and we will see what we can do.