Look at integrating Zynamics VXClass features

[sroberts]

One of the biggest insprerations as I started working on Malwarehouse was Zynamics VxClass. I never got a chance to use it, but the possibility of doing this sort of triage malware analysis, the boiler plate stuff that takes up the first few chapters of every good malware analysis book(such as Practical Malware Analysis & the Malware Analysts Cookbook).

There were a ton of great features in VxClass that don't seem to be met in a unified tool since Google took VxClass off the market (with no hope of bringing it back). Integrating some of these features could be a boon, and intersects with some of @technoskald's work on Konig

References:

• Zynamics | VxClass
• Zynamics Blog | Archive for the ‘VxClass’ Category
• Slideshare | VxClass for Incident Response
• Mandiant | zynamics VxClass and memory analysis
• Zynamics Blog | VxClass 1.5

[krmaxwell]

It definitely intersects very closely with Konig. I envision that as a prototype analysis engine ("build one to throw away") to explore a set of ideas around graph relationships. We then take what we learn from that prototype and build something like VxClass, though perhaps not as polished or extensive, but enough to be useful.

[sroberts]

Don't aim too low. 😉 I don't think I'm the only one hoping for a VxClass replacement. The idea of borrowing between or even merging Konig and make a one stop static analysis tool (without going towards IDA Pro) could be fun.