Malcat dev
@malcat4ever.bsky.social
Main developer of http://malcat.fr, a hexadecimal editor / disassembler / decompiler for #malware analysis, #DFIR and #SOC.
#Malcat tip:

#Kesakode can be useful even when facing unknown/packed samples. Check "Show UNK" and focus on unique code and strings.

Here is a simple downloader:
December 5, 2025 at 9:29 AM
#Kesakode updated to 1.0.45 !

● New malware entries: Fullmetal, Laplas, RoningLoader, ShadowRat, Silentsweeper and SystemShock
● Updated malware entries: 29
● FP-fixed signatures: 931
● 16587 new clean programs whitelisted
● 3452882 new functions
● 165257 new strings
November 16, 2025 at 9:19 AM
#kesakode DB update to 1.0.43, with again a focus on the clean set:
● 18 new malware entries
● 53 existing entries updated
● FP-fixed signatures: 749
● 5280 new clean programs whitelisted
● +2M unique functions
● +300K unique strings
November 2, 2025 at 8:07 AM
#kesakode updated to 1.0.42:

* New entries: Brickstorm, Butoflex, Ladvix, NetStar, Pantegana, Tendyron, Tsunamikit and VampireBot

* Updated entries: AuraStealer, Latrodectus, NightshadeC2 and QNAPCrypt

* 33275 new clean programs whitelisted

* FP-fixed signatures: 1028
October 21, 2025 at 9:27 AM
#Kesakode updated to 1.0.41:

Malware signatures:
* New malware entries: 14
* Updated malware entries: 16
* FP-fixed signatures: 1340

Files:
* 33 new malicious samples
* 52010 new clean programs

Database:
* 13093705 new unique functions
* 7778950 new unique strings
October 14, 2025 at 5:29 AM
#Malcat version 0.9.11 has been released, with support for ARM and Mach-O program analysis.
More details below:
malcat.fr/blog/0911-is...
0.9.11 is out: ARM and MachO analysis
Malcat version 0.9.11 is out! With this release, Malcat is now able to analyse MacOS programs. That means: addition of Armv7, Armv8 and Aarch64 disassemblers and decompilers as well as MachO, DMG and...
malcat.fr
September 30, 2025 at 3:18 PM
#Malcat tip #10: analysing backdoored clean software can be hard.
A quick win is to pivot around known constants, thanks to Malcat's 400k+ constants DB (here a #Tropidoor dlder):
September 25, 2025 at 9:54 AM
Reposted by Malcat dev
Tomorrow at BSides Edmonton! 🔥
September 22, 2025 at 10:45 PM
Updated #Kesakode to 1.0.39:
* New malware entries: HybridPetya, MostereRAT, PhantomStealer, SatanLockV2 and Yurei
* Updated malware entries: 38
* 3285 new library objects seen
* 2622 new clean programs whitelisted
* 905652 new unique functions
* 1330028 new unique strings
September 22, 2025 at 7:24 AM
First steps with #malcat? Here is a tutorial video, courtesy of
@invokereversing.bsky.social :
www.youtube.com/watch?v=gqES...
Malcat : First Steps
YouTube video
www.youtube.com
September 18, 2025 at 7:53 AM
Updated #kesakode to 1.0.38:

Malware signatures:
* New malware entries: 20 new families
* 564116 new unique functions
* 197608 new unique strings
* 27 new unique constant fingerprints
September 12, 2025 at 6:52 AM
Reposted by Malcat dev
TL;DR I am launching my #startup and we are going to change how to evaluate, cluster and reason about #malware, delivering accurate, contextual intelligence on samples. Say Hi to RationalEdge
@rationaledge.bsky.social
rationaledge.io

#threatintel #threathunting #cti #reverseengineering #detection 1/9
RationalEdge - Intelligence Meets Accuracy
Advanced malware analysis and threat intelligence solutions by RationalEdge
rationaledge.io
August 28, 2025 at 12:22 PM
Reposted by Malcat dev
We've uploaded our stream from July 28th where we triaged an Emotet infection chain with Renaud from @malcat4ever.bsky.social Enjoy! www.youtube.com/watch?v=xJof...
Triaging Malware with Malcat (Stream - 29/07/2025)
YouTube video by Invoke RE
www.youtube.com
August 15, 2025 at 2:19 PM
#Kesakode DB has been updated to 1.0.36 !
* 9 new malware families
* 70 extended malware signatures
* 37 new malicious samples in database
* 11440 new library objects seen
* 120k new clean programs whitelisted
* 17M new unique functions
* 3M new unique strings
July 24, 2025 at 7:26 PM
#Kesakode has been updated to 1.0.34!
* 34 new malware entries
* 249 extended malware signatures
* 50 new malicious samples in database
* 58950 new clean programs whitelisted
* 5459056 new unique functions
* 1862336 new unique strings
July 10, 2025 at 9:50 AM
Does someone know this #malware, since this is definitely NOT latrodectus. Looks like some Discord-backed infostealer:
bazaar.abuse.ch/sample/85f8c...
June 1, 2025 at 9:36 AM
You can now check your strings in #malcat against an online library of #Malpedia FLOSSed strings. Just copy this plugin:

github.com/malpedia/mal...
May 27, 2025 at 7:52 AM
Reposted by Malcat dev
🚀 Malcat is a powerful binary file dissector that's essential for Windows and Linux IT-security professionals. As both a feature-rich hexadecimal editor and a disassembler, Malcat offers a comprehensive toolkit for in-depth binary analysis. Check it out 👇

www.youtube.com/live/yzC_539...
Learn How to Dissect Binary Files with the Creator of Malcat!
Malcat is a powerful binary file dissector that's essential for Windows and Linux IT-security professionals. As both a feature-rich hexadecimal editor and a ...
www.youtube.com
May 9, 2025 at 5:06 PM
Reposted by Malcat dev
#Malcat 0.9.10 is out! State-of-the-art CFG recovery, MIPS disassembler & decompiler and many UI improvements;

malcat.fr/blog/0910-is...
0.9.10 is out: CFG recovery, MIPS & UI improvements
Malcat version 0.9.10 is out! In this release, we have improved Malcat's CFG recovery algorithm and compared its performances against other reversing software. A new CPU architecture (MIPS) has also b...
malcat.fr
May 9, 2025 at 4:36 AM
Reposted by Malcat dev
Why might you want to read up on EFF's guide to border searches right now, you wonder? This is why.
March 19, 2025 at 7:47 PM
Reposted by Malcat dev
Malcat version 0.9.9 is out! Check out the new offline version of Kesakode for blazing-fast (unpacked) #malware identification across 2000+ families.
Also python 3.13 support (& disassembler), new file parsers & improved UI:
malcat.fr/blog/099-is-...
0.9.9 is out: Offline Kesakode, python 3.13 & UI
Malcat version 0.9.9 is out! Say hello to the offline version of Kesakode, which lets you identify malware even faster and without uploading any hash! You will also see several UI improvements, python...
malcat.fr
February 17, 2025 at 1:48 PM