Malcat version 0.9.6 has been released, and with it Kesakode, a remote hash lookup service. The feature is integrated into Malcat's user interface and matches the functions, strings, and constant sets of the file under analysis against a large database of known clean programs, library files, and malware.
Kesakode's index was built by Malcat's developers over several months. It covers more than 300 recent malware families, a corpus of over 2000 malware families imported from Malpedia, and around a million unique clean programs and libraries. For each indexed sample, three sets of features are extracted: hashes of its functions, hashes of its strings, and a fuzzy hash computed over interesting code immediates and data constants. All of these are stored in a large relational database that links every feature back to the samples it was seen in.
When a Kesakode query is initiated, the same three sets of hashes are computed for the analysed file and sent to the matching service. The cloud-based service looks each hash up in the database and labels it as library code, clean program code, or malicious, according to the origin of the samples it was found in, and returns the associated origin information. Code immediates and data constants are handled differently: they are indexed only for malicious samples, and their fuzzy hash is compared against those of known malware families, so that this feature surfaces similar families rather than exact matches.
The three feature sets are deliberately independent so that the service copes better with code obfuscation and data encryption: a transformation that changes the function bodies does not necessarily change the strings or the constants, and vice versa, so a sample can still be identified when one of the feature sets has been defeated. Queries typically return results within 1 to 4 seconds, depending on the size and complexity of the program. Users can also submit false positives and false negatives to help improve the database.
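The following Python script is an added example that models the indexing and matching described above; it is not Malcat's code and the page does not describe Malcat's actual algorithms. The immediate-masking function hash, the SHA-256 string hash, the MinHash signature used as the "fuzzy hash" over a constant set, the precedence rule in `verdict()` (code also found in a library or clean program is not treated as a malware indicator), the similarity threshold, and all sample data are assumptions constructed for the example.

```python
"""Toy model of a three-feature (functions, strings, constants) hash lookup.

Added example, not Malcat's code. Hashing scheme, precedence rule, threshold
and the indexed "samples" below are all constructed assumptions.
"""
import hashlib
import re
import struct
from collections import defaultdict

_IMM = re.compile(r"0x[0-9a-fA-F]+")


def function_hash(instructions):
    """Hash a function body with immediates/addresses masked out, so the same
    code linked at a different base address yields the same hash (assumed scheme)."""
    body = "\n".join(_IMM.sub("IMM", i.strip().lower()) for i in instructions)
    return hashlib.sha256(body.encode()).hexdigest()[:16]


def string_hash(s):
    return hashlib.sha256(s.encode("utf-8")).hexdigest()[:16]


def minhash(constants, k=64):
    """MinHash signature of a constant set: for each of k seeds keep the minimum
    seeded 32-bit hash. The fraction of positions on which two signatures agree
    estimates the Jaccard similarity of the underlying sets (the "fuzzy" part)."""
    sig = []
    for seed in range(k):
        best = None
        for c in set(constants):
            msg = struct.pack("<IQ", seed, c & 0xFFFFFFFFFFFFFFFF)
            v = int.from_bytes(hashlib.blake2b(msg, digest_size=4).digest(), "little")
            if best is None or v < best:
                best = v
        sig.append(best)
    return sig


def similarity(sig_a, sig_b):
    return sum(a == b for a, b in zip(sig_a, sig_b)) / len(sig_a)


class Index:
    """Maps feature hashes to the (origin, sample name) pairs they were seen in."""

    def __init__(self):
        self.functions = defaultdict(set)
        self.strings = defaultdict(set)
        self.families = {}  # constants are indexed for malware families only

    def add(self, name, origin, functions, strings, constants=()):
        for f in functions:
            self.functions[function_hash(f)].add((origin, name))
        for s in strings:
            self.strings[string_hash(s)].add((origin, name))
        if origin == "malware":
            self.families[name] = minhash(constants)


def verdict(hits):
    """Assumed precedence: a feature also present in a library or clean program
    is labelled by that origin even if malware uses it too."""
    origins = {o for o, _ in hits}
    for label in ("library", "clean", "malware"):
        if label in origins:
            return "malicious" if label == "malware" else label
    return "unknown"


def lookup(index, functions, strings, constants, threshold=0.5):
    """Compute the three feature sets for a query and resolve them against the index."""
    funcs, strs = {}, {}
    for f in functions:
        hits = index.functions.get(function_hash(f), set())
        funcs[function_hash(f)] = (verdict(hits), sorted(n for o, n in hits if o == "malware"))
    for s in strings:
        hits = index.strings.get(string_hash(s), set())
        strs[s] = (verdict(hits), sorted(n for o, n in hits if o == "malware"))
    sig = minhash(constants)
    scores = [(fam, round(similarity(sig, fsig), 2)) for fam, fsig in index.families.items()]
    fams = sorted((sc for sc in scores if sc[1] >= threshold), key=lambda sc: -sc[1])
    return {"functions": funcs, "strings": strs, "families": fams}


# --- constructed sample data (not real binaries or families) ---------------
CRC_FN = ["push ebp", "mov ebp, esp", "mov eax, [ebp+0x8]", "xor eax, 0xFFFFFFFF", "ret"]
MAIN_FN = ["push ebp", "mov ebp, esp", "call 0x401000", "pop ebp", "ret"]
DROPPER_FN = ["push 0x403010", "call 0x402000", "mov [0x405000], eax", "ret"]
DROPPER_RELOCATED = ["push 0x40A010", "call 0x409000", "mov [0x40B000], eax", "ret"]
NOVEL_FN = ["push ebp", "mov ebp, esp", "sub esp, 0x20", "ret"]
FAMILY_A_CONSTS = [0x9E3779B9, 0x61C88647, 0xDEADBEEF, 0x1337C0DE, 0x41414141,
                   0x0BADF00D, 0xCAFEBABE, 0xFEEDFACE, 0x12345678, 0x87654321]
FAMILY_B_CONSTS = [0x9E3779B9, 0x61C88647, 0xDEADBEEF,  # three shared with FamilyA
                   0x11111111, 0x22222222, 0x33333333, 0x44444444, 0x55555555, 0x66666666]


def build_index():
    idx = Index()
    idx.add("zlib", "library", [CRC_FN], ["inflate 1.2.13"])
    idx.add("notepad", "clean", [MAIN_FN], ["Untitled"])
    idx.add("FamilyA", "malware", [MAIN_FN, DROPPER_FN], ["cmd.exe /c del %s", "Untitled"], FAMILY_A_CONSTS)
    idx.add("FamilyB", "malware", [DROPPER_FN], ["cmd.exe /c del %s"], FAMILY_B_CONSTS)
    return idx


if __name__ == "__main__":
    result = lookup(build_index(), [DROPPER_RELOCATED, CRC_FN, NOVEL_FN],
                    ["inflate 1.2.13", "cmd.exe /c del %s", "new string"], FAMILY_A_CONSTS)
    for section, entries in result.items():
        print(section, entries)
```

Running the script shows the three behaviours the article describes: the relocated dropper function hashes identically to the indexed one and is reported as malicious with both families that contain it, the zlib routine and version string are labelled library code even though an analyst might otherwise waste time on them, and the query's constant set scores 1.0 against FamilyA while FamilyB, which shares only three constants, scores much lower and is filtered out by the default threshold.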
Kesakode lends itself to several use cases: malware identification (matching a sample's functions, strings, or constants to a known family), detection engineering (features that match only malicious samples, and not clean programs or libraries, are the ones worth building rules on), and faster reverse engineering (functions and strings recognised as library or clean code can be skipped so that analysis concentrates on the code that is specific to the malware).
With a large index, fast queries, and three complementary feature sets, Kesakode is a notable addition to Malcat's toolset. Its release in version 0.9.6 gives analysts a quicker way to identify malware, to find the features a detection rule should key on, and to cut known code out of the reverse engineering effort.

