impfuzzy
Impfuzzy is Fuzzy Hash calculated from import API of PE files
pyimpfuzzy
Python module for comparing the impfuzzy
More details are described in the following documents:
https://www.jpcert.or.jp/magazine/acreport-impfuzzy.html (Japanese)
http://blog.jpcert.or.jp/2016/05/classifying-mal-a988.html (English)
pyimpfuzzy-windows
Python module comparing the impfuzzy for Windows
impfuzzy for Volatility
Volatility plugin for comparing the impfuzzy and imphash
More details are described in the following documents:
https://www.jpcert.or.jp/magazine/acreport-impfuzzy_volatility.html (Japanese)
http://blog.jpcert.or.jp/2016/12/a-new-tool-to-d-d6bc.html (English)
impfuzzy for Neo4j
Python script for clustering malware based on fuzzy hash and importing/visualizing the result using Neo4j
More details are described in the following documents:
https://www.jpcert.or.jp/magazine/acreport-impfuzzy_neo4.html (Japanese)
http://blog.jpcert.or.jp/2017/03/malware-clustering-using-impfuzzy-and-network-analysis---impfuzzy-for-neo4j-.html (English)
Other Tools or Frameworks
MISP: Malware Information Sharing Platform and Threat Sharing
CRITs: Collaborative Research Into Threats
MultiScanner: File Analysis Framework
ViruSign: Malware Research & Data Center, Virus Free Downloads