Pyew is a (command line) python tool like radare and *iew oriented, mainly, to analyze malware. It does have support for hexadecimal viewing, disassembly (Intel 16, 32 and 64 bits), PE and ELF file formats (it does code analysis the right way), following direct call/jmp instructions, OLE2 format, PDF format (limited) and more. It also supports plugins to add more features to the tool.


The project Pyew is hosted in Google Code.

DeepToad is an open source (LGPL) tool to generate fuzzy hashes and compare similar files. It can be used, in example, to clusterize malware samples. DeepToad is very similar to ssdeep and nilsimsa.

The project DeepToad is hosted in Google Code.

Zero wine is an open source (GPL v2) research project to dynamically analyze the behavior of malware. Zero wine just runs the malware using WINE in a safe virtual sandbox (in an isolated environment) collecting information about the APIs called by the program. The tool is distributed as a prebuilt QEmu virtual machine (or in source code form).

The project Zero Wine is hosted in Sourceforge.