Malcat.MalcatLite
Binary analysis software. Malcat is a feature-rich hexadecimal editor/disassembler for Windows and Linux targeted to IT-security professionals.
$ winget install --id Malcat.MalcatLite --exact --version 0.9.11
Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.
Malcat is a feature-rich hexadecimal editor / disassembler for Windows and Linux targeted to IT-security professionals.
Inspect more than 50 binary file formats, disassemble and decompile different CPU architectures, extract embedded files and scan for Yara signatures or anomalies in a fast and easy-to-use graphical interface.
Don't like what you get? Malcat is also heavily customizable and scriptable using Python.
Highlights
- Malcat's code analysis is not only powerful, it is also damn fast: you can analyze most files in under a second! This makes it the perfect tool for quick inspections or malware triage.
- Inspect code for architectures used in malware: x86/x64, MIPS, .NET, Python 2 and 3, VB p-code, NSIS/InnoSetup VM, AutoIT and Office macros. Malcat also embeds the Sleigh decompiler for x86, x64 and MIPS.
- Leveraging its 50+ file format parsers, Malcat can extract sub-files from archives and identify embedded objects within any file. A very useful feature for incident response and malware analysis.
- Malcat offers many view modes to focus on all aspects of the file. Inspect binary structures, navigate through the CFG or have a higher-level look at the anomalies, you choose. You can also try our new DNA view!
- Leveraging a database of 2000+ malware families and millions of clean + library files, our Kesakode hash lookup service can help you identify malware, write better Yara rules and speed up your RE game. It can also work offline!
| Architecture | Type | Scope | Install | Download |
|---|---|---|---|---|
| x64 | zip | - | | Direct |
Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.