Highlights
Malcat has been designed for malware analysts, SOC operators, incident responders, CTF players or more generally anyone who needs to inspect unknown binary files on a regular basis. Have a look at its list of features to decide if it's the right tool for you:
Because Malcat does not run heavy analyses like VSA or type recovery, it can analyze most files under a second. This makes it the perfect tool for quick inspections or malware triage.
Inspect code for
architectures used in malware:
x86/x64,
.NET,
python 2 and 3,
VB p-code,
NSIS vm,
AutoIT and
Office macros.
Malcat also embedds the Sleigh decompiler for x86 and x64.
Leveraging its numerous
file format parsers, malcat can extract sub-files from
archives and identify
embedded objects within any file. A very useful feature for incident response and malware analysis.
Malcat offers many view modes to focus on all aspects of the file. Inspect binary structures, naviguate through the CFG or have a higher-level look at the anomalies, you chose. You can also try our new DNA view!
Compare two files side by side and inspect their structural differences using Meyers algorithm, a powerful diff method used in bioinformatics which produce human-readable results and can realign.
Highlight suspicious patterns using
Yara (featuring an embedded editor), Fireeye's
Capa or Malcat's own
anomaly scanner which scans for more than
200 anomalies using the complete analysis results.
Patch the file content using the inline structure editor or using python.
Dealing with encrypted or encoded content? Just select the data and chose between dozens of decryption and decoding algorithms.
Malcat recognize and highlight more than 20000 standard strings and numerical constants.
You can also scan a corpus of local files against the currently selected pattern.
Malcat features different algorithms (some using the disassembler) to identify strings inside files.
Strings are then weighted and sorted by score to give you the most pertinent results first.
Enjoy a modern and responsive UI featuring HiDPI and full unicode support (hi .NET obfuscators :).
Want to go fast? You can navigate through the analysis using numerous keyboard shortcuts.
It is quite easy to extend malcat or automate file analysis by using the powerful python bindings.
You can create new file type parsers, decryption routines or add new anomalies with ease.
Get the software
Malcat is currently in
beta phase. It means that while the software is finished and polished, it has not been tested extensively by its user base and documentation is sparse. So keep in mind, you may still encounter a few minor bugs. The good news is that during this time, Malcat is
50% off. So don't hesitate to pick one of the three editions of Malcat:
- Malcat Lite is a free (as in free food) edition with some limitations
- Malcat is the full version of the tool, affordable for hobbyists
- Malcat Pro is targeted toward computer infosec professionals. It allows commercial use and comes with support
Paid version gives you access to unlimited use of the software on Linux and Windows plateforms, and access to product updates for one year. Licenses are user-locked and allow installation on up to 3 different machines. If you are not sure if the software can run on your configuration, please test with the free lite edition first.
|
Malcat Lite |
Malcat |
Malcat Pro |
| Unlimited use + 1 year of updates |
– |
99€ 49€ |
399€ 199€ |
| Updates renewal (1 year) |
– |
49€ |
199€ |
| Hexadecimal editor |
|
|
|
File format parsers
Inspect more than 30 binary file formats |
|
|
|
Transforms
Decrypt/decompress data in-place |
|
|
|
Signature scanner + editor
Scan for constants + yara signatures and edit Yara rules |
|
|
|
Strings and symbols
Powerful strings and symbols extraction algorithms |
|
|
|
Sub-files extraction
Explore archives and embedded files |
|
|
|
Scripting
Automate analysis or run scripts |
|
|
|
Disassemblers
Disassemble different CPU architectures |
x86/x64 only |
|
|
Decompiler
View source for x86/x64, AutoIT and Office |
– |
|
|
Diff engine
Compare binaries using Meyers algorithm |
– |
|
|
Anomaly scanner
Quickly identify suspicious files |
– |
|
|
| Multi-threaded analysis |
– |
|
|
| Color themes |
– |
|
|
| Commercial use |
– |
– |
|
| Support |
– |
– |
best effort |
|
Download |
Buy for 49€ |
Buy for 199€ |
*: Additional taxes may be added in some regions and are calculated automatically during checkout by our payment provider.
FAQs
Yes, Malcat can work offline, although you won't be able to use the intelligence scripts of course. There is a procedure to activate the software offline, you will just need a second computer with internet and python. Run the script bindings/activate.py for more details.
The non-pro version of Malcat is targeted towards hobbyists: they will get most features of malcat for a reasonable price. The main limitation is that you are not able to use Malcat in a commercial/professional context. Also in order to keep the price low, no support is available in this version.
For now, only named licensed are available.
Purchase orders and invoices are supported for purchases of more than 10 copies of the Pro license.
Contact us for more information.
There is no sutdent discount at this time, simply because verifying student status would cost too much time. Instead, we offer free 1-year licenses for IT-Security classes. Just ask your professor to
contact us with a copy of your class curriculum and we will see what we can do.
