Malwoverview.py is a simple tool for performing an initial, quick triage of a directory containing malware samples (not zipped).
This tool aims to:
1. Determine which executable malware samples (PE/PE+) are similar according to the hash of their import table (imphash) and group them by color (pay attention to the second column of the output). Thus, colors matter!
2. Determine whether executable malware samples are packed or not packed according to the following rules:
2a. Two or more sections with entropy > 7.0 or < 1.0 ==> Packed.
2b. Only one section with entropy > 7.0, or two sections with SizeOfRawData == 0 ==> Likely packed.
2c. No section with entropy > 7.0 or SizeOfRawData == 0 ==> Not packed.
3. Determine whether the malware samples contain an overlay (data appended after the last section).
4. Determine the entropy of the .text section.
Malwoverview.py only examines PE/PE+ files, skipping everything else.
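The following script is an added example, not Malwoverview's own code: it re-implements the packing rules 2a to 2c, the overlay check and the .text entropy check described above on top of a hand-rolled PE section-table parser, so it runs offline without pefile (the imphash grouping is not covered). The PE files are constructed in memory and are not real malware. Two details are this example's assumptions rather than the README's: a section whose SizeOfRawData is 0 has no bytes to measure, so it counts only toward the SizeOfRawData clauses and not toward the entropy thresholds, and the one case the rules do not address (exactly one empty section and no high-entropy section) is reported as "Inconclusive".

```python
import math
import struct

SECTION_HEADER_SIZE = 40  # sizeof(IMAGE_SECTION_HEADER)

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for a
    uniform byte distribution. An empty buffer yields 0.0 by definition here."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def parse_sections(pe: bytes):
    """Yield (Name, SizeOfRawData, PointerToRawData) for every section header.
    PE and PE+ differ only inside the optional header, which is skipped via
    SizeOfOptionalHeader, so the same code handles both."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    table = coff + 20 + opt_size
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, off + 16)
        yield name, raw_size, raw_ptr

def section_entropies(pe: bytes):
    """[(Name, SizeOfRawData, entropy of the section's raw bytes), ...]."""
    return [(name, size, shannon_entropy(pe[ptr:ptr + size]))
            for name, size, ptr in parse_sections(pe)]

def packing_verdict(pe: bytes) -> str:
    """Rules 2a-2c. Assumption of this example: a section with SizeOfRawData == 0
    counts only toward the SizeOfRawData clauses, never toward entropy thresholds."""
    ents = section_entropies(pe)
    measured = [e for _, size, e in ents if size]
    extreme = sum(1 for e in measured if e > 7.0 or e < 1.0)
    high = sum(1 for e in measured if e > 7.0)
    empty = sum(1 for _, size, _ in ents if size == 0)
    if extreme >= 2:
        return "Packed"           # 2a
    if high == 1 or empty >= 2:
        return "Likely packed"    # 2b
    if high == 0 and empty == 0:
        return "Not packed"       # 2c
    return "Inconclusive"         # one empty section, nothing high: the rules are silent

def overlay(pe: bytes) -> bytes:
    """Bytes appended after the end of the last section's raw data (b"" if none)."""
    end = max((ptr + size for _, size, ptr in parse_sections(pe)), default=0)
    return pe[end:]

def text_entropy(pe: bytes):
    """Entropy of the .text section, or None if the file has no .text section."""
    return next((e for name, _, e in section_entropies(pe) if name == ".text"), None)

def build_pe(sections, overlay_data: bytes = b"") -> bytes:
    """Constructed fixture (not a real binary): MZ stub, PE signature, COFF header,
    zeroed PE32 optional header and one section header per (name, data) pair.
    Enough for the parser above; not a loadable image."""
    e_lfanew, opt_size = 0x40, 224
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    raw_ptr = e_lfanew + 4 + len(coff) + len(opt) + SECTION_HEADER_SIZE * len(sections)
    table, body = b"", b""
    for name, data in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode(), len(data), 0, len(data),
                             raw_ptr if data else 0, 0, 0, 0, 0, 0)
        body += data
        raw_ptr += len(data)
    mz = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    return mz + b"PE\0\0" + coff + opt + table + body + overlay_data

# Constructed sample contents (not taken from real files).
HIGH = bytes(range(256)) * 16                          # uniform bytes: entropy 8.0
LOW = b"\0" * 4096                                     # constant bytes: entropy 0.0
CODE = bytes.fromhex("558bec83ec105356578b7d0885ff740a"
                     "33c05f5e5b8be55dc390909090909090") * 128  # x86-like, mid entropy
STRINGS = b"config=1;verbose=0;\0" * 100               # plain text, mid entropy
SAMPLES = {
    "packed.bin": build_pe([(".text", HIGH), (".data", HIGH), (".rsrc", CODE)]),
    "upx_like.bin": build_pe([("UPX0", b""), ("UPX1", HIGH), (".rsrc", CODE)]),
    "clean.bin": build_pe([(".text", CODE), (".data", STRINGS)], b"APPENDED-PAYLOAD"),
}

if __name__ == "__main__":
    for fname, pe in SAMPLES.items():
        te = text_entropy(pe)
        te_str = "n/a" if te is None else f"{te:.2f}"
        print(f"{fname:13} {packing_verdict(pe):14} overlay={len(overlay(pe))}B .text={te_str}")
```

Note that an empty UPX0-style section is still what makes the upx_like sample land on "Likely packed" rather than "Packed": only UPX1 exceeds 7.0, and the single empty section alone does not satisfy 2b's second clause. A sample with one high-entropy section and one all-zero section with a non-zero SizeOfRawData, by contrast, is "Packed" under 2a, which is worth keeping in mind when a legitimate binary carries a large zero-filled data section.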