
SSMA - Simple Static Malware Analyzer


SSMA is a simple malware analyzer written in Python 3.

Analyzes the PE file's header and sections (number of sections, entropy of sections/PE file, suspicious section names, suspicious flags in the characteristics of the PE file, etc.)
Searches for possible domains, e-mail addresses and IP addresses in the strings of the file.
Checks if domain is blacklisted based on’s Ransomware Domain Blocklist and’s blocklist.
Looks for Windows functions commonly used by malware.
Get results from VirusTotal and/or upload files.
Malware detection based on Yara-rules
Detect well-known software packers.
Detect the existence of cryptographic algorithms.
Detect anti-debug and anti-virtualization techniques used by malware to evade automated analysis.
Find if documents have been crafted to leverage malicious code.
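
The section-entropy check from the feature list above can be sketched as follows. This is an added example, not SSMA's own code: it reads the PE section table with `struct` instead of a PE library, and the 7.0 threshold, the function names and the constructed sample image are assumptions.

```python
import math
import struct
from collections import Counter

SUSPICIOUS_ENTROPY = 7.0  # assumed threshold; packed/encrypted data approaches 8.0

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return sum(n / total * math.log2(total / n) for n in Counter(data).values())

def section_entropies(pe: bytes):
    """Walk the PE section table; return [(name, entropy, suspicious)]."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)           # e_lfanew
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (n_sections,) = struct.unpack_from("<H", pe, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", pe, pe_off + 20)
    table = pe_off + 24 + opt_size                            # first section header
    results = []
    for i in range(n_sections):
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", pe, table + 40 * i)
        raw = pe[raw_ptr:raw_ptr + raw_size]                  # slicing clamps truncated files
        h = shannon_entropy(raw)
        results.append((name.rstrip(b"\0").decode("latin-1"), h, h > SUSPICIOUS_ENTROPY))
    return results

def build_sample_pe() -> bytes:
    """Constructed two-section image (not a real executable), for the demo only."""
    text = b"\x90" * 512                       # one byte value repeated: entropy 0
    packed = bytes(range(256)) * 2             # uniform byte distribution: entropy 8
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)    # PE header directly after DOS header
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0)
    data_start = 0x40 + len(coff) + 2 * 40
    sec = lambda n, ptr, size: struct.pack("<8sIIII16x", n, size, 0, size, ptr)
    table = sec(b".text", data_start, 512) + sec(b"UPX1", data_start + 512, 512)
    return bytes(hdr) + coff + table + text + packed

if __name__ == "__main__":
    for name, h, flag in section_entropies(build_sample_pe()):
        print(f"{name:8} {h:5.2f} {'SUSPICIOUS' if flag else 'ok'}")
```

High entropy alone is only a hint: compressed resources and embedded media also score close to 8, so treat the flag as a reason to look closer, alongside section names and packer signatures.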


git clone


sudo pip3 install -r requirements.txt

python3 -h

python3 -k api-key file.exe

You can just statically scan the file or upload it to VirusTotal using your API key.

python3 file.exe
python3 -k api-key file.exe

Scan documents (e.g. MS Office Word):

python3 -d doc.docx

To get ssdeep hashes, use requirements_with_ssdeep.txt.

Python 3