FAME's Documentation
FAME is a recursive acronym meaning “FAME Automates Malware Evaluation”.
It is meant to facilitate analysis of malicious files, leveraging as much knowledge as possible in order to speed up and automate end-to-end analysis.
Best case scenario: the analyst drops a sample, waits for a few minutes, and FAME is able to determine the malware family and extract its configuration and IOCs.
FAME should be seen as a framework that will empower your malware analysis development efforts.
Contents
- Concept
- Installation
- Administrator Guide
- User Guide
- Writing Modules
- Writing a Processing module
- Writing a Preloading module
- Common module features
- API Reference
- Common module API
- Preloading Module
- Processing Module
  - ProcessingModule
    - ProcessingModule.acts_on
    - ProcessingModule.generates
    - ProcessingModule.triggered_by
    - ProcessingModule.queue
    - ProcessingModule.permissions
    - ProcessingModule.add_extracted_file()
    - ProcessingModule.add_extraction()
    - ProcessingModule.add_ioc()
    - ProcessingModule.add_probable_name()
    - ProcessingModule.add_support_file()
    - ProcessingModule.add_tag()
    - ProcessingModule.change_type()
    - ProcessingModule.each()
    - ProcessingModule.each_with_type()
    - ProcessingModule.register_files()
    - ProcessingModule.run()
    - ProcessingModule.skip_review()
- Special Processing Modules
- Isolated Processing Module
- Reporting Modules
- Threat Intelligence Modules
- Antivirus Modules
- Virtualization Module
- Command line tools
- API