Florentino – Fast Static File Analysis Framework

Florentino File Analysis Framework

Florentino is a cross-platform file analysis framework.

It is useful for extracting static resources from malware samples and for the analysis of unknown files.

It can help malware analysts and security researchers quickly get a first look at an unknown file.

Florentino builds on the following tools:

  • Golang
  • D.I.E
  • iocextract
  • VirusTotal
  • Floss
  • Strings

Without these programs it would have been a lost battle from the beginning.

Whenever we want to analyze an unknown file, there are a couple of steps that are almost always identical. Florentino aims to automate some of these boring steps so an analyst can move on faster to manual and dynamic analysis.

Florentino: “Flowers, women – I desire all that is beautiful.”

Features

Florentino is written in Go, and it is fast! You can run it before any other tool in your chain to gain a good grasp of your target file. Most of the time, it is all you need to determine whether a file is malicious or not!

1- File detection engine

Thanks to D.I.E, Florentino can detect hundreds of file types.

  • Number of com signatures: 200
  • Number of Text signatures: 14
  • Number of com signatures: 3
  • Number of MSDOS signatures: 306
  • Number of PE/PE+ signatures: 525
  • Number of DS signatures: 19
  • Number of EP signatures: 3
  • Number of ELF/ELF64 signatures: 16
  • Number of MACH/MACH64 signatures: 8
  • Total signatures: 1117

Besides file type detection, entropy calculation and packer detection are also performed.

2- Scan engine

Florentino can use various sources to analyze the file:

  • VirusTotal: the file is checked for an existing report
  • Strings and IOC scan: Florentino extracts strings from binary files, scans them for indicators of compromise and, where possible, deobfuscates them
  • Binary scan: Florentino can work with PE x86/x64, Mach-O x86/x64 and ELF x86/x64 files, and will obtain the imported symbols and libraries

3- Packer detection and unpacking

  • Currently only PE x86 files are supported
  • Unpack engine: unpac.me
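The entropy side of the packer check mentioned in the file detection and packer detection sections above, as an added example that is not Florentino's or D.I.E's own code: it computes the Shannon entropy of each section of a PE file and flags high-entropy sections, using an assumed 7.0 bits/byte threshold.

```go
package main

import (
	"debug/pe"
	"fmt"
	"math"
	"os"
)

// ShannonEntropy returns the byte-level Shannon entropy of data in bits per
// byte: 0.0 for a constant buffer, 8.0 for uniformly distributed bytes.
func ShannonEntropy(data []byte) float64 {
	var counts [256]float64
	for _, b := range data {
		counts[b]++
	}
	n, h := float64(len(data)), 0.0
	for _, c := range counts {
		if c > 0 {
			h -= (c / n) * math.Log2(c/n)
		}
	}
	return h
}

// LikelyPacked applies the usual rule of thumb that compressed or encrypted
// (packed) code sits above ~7.0 bits/byte. The threshold is this example's
// assumption, not a value taken from Florentino or D.I.E.
func LikelyPacked(entropy float64) bool { return entropy > 7.0 }

// main prints the entropy of every section of the PE file named on the
// command line, the per-section view a packer detector works from.
func main() {
	f, err := pe.Open(os.Args[1])
	if err != nil {
		panic(err)
	}
	defer f.Close()
	for _, s := range f.Sections {
		raw, err := s.Data()
		if err != nil {
			panic(err)
		}
		h := ShannonEntropy(raw)
		fmt.Printf("%-8s entropy=%.2f packed=%v\n", s.Name, h, LikelyPacked(h))
	}
}
```

A .text section near 8.0 bits/byte next to a tiny stub is the pattern that usually means the real code is still compressed and the sample belongs in the unpacking step.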

4- Report

All reports are stored as text files in the /data directory.

Please note that Florentino is not a reversing suite; its only aim is to speed up the first pass of analysis. Florentino is modular and easy to extend with your own tools.

Version

1.0.1-alpha

Installation and Usage

Usage

Florentino is straightforward to use; all you have to do is install the dependencies and set up the .evn file (an example .evn is shown below).

  • Download D.I.E
  • Download Floss
  • pip3 install iocextract

Build and Run

  • cd cmd
  • mkdir data
  • touch .evn
  • example .evn:

    DIEC_PATH=/tools/diec
    FLOSS_PATH=/tools/floss
    VIRUSTOTAL_API=YOUR_API_KEY

  • go build main
  • Florentino -f FILE-TO-ANALYSIS
  • the results are now available in /data

Download Florentino
