Florentino – Fast Static File Analysis Framework

Florentino File Analysis Framework

Florentino is a cross-platform file analysis framework.

It is useful for extracting static resources from malware and for analysing unknown files.

It helps malware analysts and security researchers get a quick first look at an unknown file. Florentino builds on:

  • Golang
  • D.I.E
  • iocextract
  • VirusTotal
  • Floss
  • Strings

Without these programs, it would have been a lost battle from the start.

Whenever we analyze an unknown file, there are a couple of steps that are almost identical every time. Florentino aims to automate these tedious steps so that an analyst can move on to manual and dynamic analysis faster.

Florentino: “Flowers, women – I desire all that is beautiful.”

Features

Florentino is written in Go, and it's fast. You can run it before any other tool in your chain to get a good grasp of the target file. Most of the time, that first pass is all you need to decide whether a file is malicious.

1- File detection engine

Thanks to D.I.E (Detect It Easy), Florentino can detect hundreds of file types.

  • Number of com signatures: 200
  • Number of Text signatures: 14
  • Number of com signatures: 3
  • Number of MSDOS signatures: 306
  • Number of PE/PE+ signatures: 525
  • Number of DS signatures: 19
  • Number of EP signatures: 3
  • Number of ELF/ELF64 signatures: 16
  • Number of MACH/MACH64 signatures: 8
  • Total signatures: 1117

Besides file type detection, Florentino also computes entropy and runs packer detection.
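To show what the entropy side of that check amounts to, here is an added Go example (written for this page, not Florentino's or D.I.E's own code) that computes Shannon entropy over fixed-size windows and applies a packer heuristic on top. The 7.2 bits/byte threshold, the 1 KiB window and the two constructed sample buffers are assumptions of the example:

```go
package main

import (
	"fmt"
	"math"
)

// ShannonEntropy returns the entropy of data in bits per byte: 0 when every
// byte is identical, 8 when all 256 values occur equally often.
func ShannonEntropy(data []byte) float64 {
	if len(data) == 0 {
		return 0
	}
	var counts [256]int
	for _, b := range data {
		counts[b]++
	}
	n, h := float64(len(data)), 0.0
	for _, c := range counts {
		if c > 0 {
			p := float64(c) / n
			h -= p * math.Log2(p)
		}
	}
	return h
}

// Window is the entropy of one fixed-size slice of the file.
type Window struct {
	Offset  int
	Entropy float64
}

// WindowEntropy scores data in windows of size bytes (the last may be
// shorter) so that a packed or encrypted region stands out from the headers
// and plain resources around it instead of being averaged away.
func WindowEntropy(data []byte, size int) []Window {
	var out []Window
	for off := 0; off < len(data); off += size {
		end := off + size
		if end > len(data) {
			end = len(data)
		}
		out = append(out, Window{off, ShannonEntropy(data[off:end])})
	}
	return out
}

// PackedThreshold is a heuristic cut-off chosen for this example (not a
// Florentino or D.I.E setting): compressed or encrypted payloads sit near
// 8 bits/byte, while native code and text usually stay below 7.
const PackedThreshold = 7.2

// LooksPacked reports whether at least half of the windows exceed
// PackedThreshold, the layout of a small stub wrapping a large blob. The
// signature check (D.I.E) should still run: a legitimately compressed
// resource section produces the same reading.
func LooksPacked(data []byte, windowSize int) bool {
	ws := WindowEntropy(data, windowSize)
	high := 0
	for _, w := range ws {
		if w.Entropy > PackedThreshold {
			high++
		}
	}
	return len(ws) > 0 && high*2 >= len(ws)
}

// PlainSample is a constructed 8 KiB buffer of one repeating 4-byte pattern.
func PlainSample() []byte {
	buf := make([]byte, 8192)
	for i := range buf {
		buf[i] = "MZ\x90\x00"[i%4]
	}
	return buf
}

// PackedSample is a constructed stand-in for a packed executable: a 2 KiB
// low-entropy stub followed by deterministic xorshift64* output, which is
// statistically close to a compressed or encrypted blob.
func PackedSample() []byte {
	buf := PlainSample()[:2048]
	x := uint64(0x9E3779B97F4A7C15)
	for len(buf) < 8192 {
		x ^= x >> 12
		x ^= x << 25
		x ^= x >> 27
		v := x * 0x2545F4914F6CDD1D
		for i := 0; i < 8; i++ {
			buf = append(buf, byte(v>>(8*i)))
		}
	}
	return buf
}

func main() {
	for name, data := range map[string][]byte{"plain": PlainSample(), "packed": PackedSample()} {
		fmt.Printf("%s: entropy=%.2f packed=%v\n", name, ShannonEntropy(data), LooksPacked(data, 1024))
		for _, w := range WindowEntropy(data, 1024) {
			fmt.Printf("  @%05x %.2f\n", w.Offset, w.Entropy)
		}
	}
}
```

The repetitive stub scores 2 bits per byte and the xorshift tail close to 8, so the packed sample is flagged and the plain one is not. A high score alone is not proof of packing: a compressed resource section or an embedded archive reads the same, which is why the signature-based D.I.E check still runs.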

2- Scan engine

Florentino can draw on several sources to analyze a file:

  • VirusTotal: the file is checked for an existing report.
  • Strings and IOC scan: strings are extracted from the binary (and deobfuscated where possible), then scanned for indicators of compromise.
  • Binary scan: for PE x86/x64, Mach-O x86/x64 and ELF x86/x64 files, Florentino obtains the imported symbols and libraries.
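The strings and IOC step, as an added Go example (not Florentino's code, which delegates this work to Floss and iocextract): it pulls ASCII and UTF-16LE strings from a byte buffer, refangs the usual defanging conventions and extracts URLs and IPv4 addresses. Sample builds a constructed input, the minimum length of 4 is the strings(1) default, and the refanging rules and patterns are this example's own, far narrower than what iocextract supports:

```go
package main

import (
	"bytes"
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

func printable(b byte) bool { return b >= 0x20 && b <= 0x7e || b == '\t' }

// runs collects printable runs of at least minLen characters read with the
// given stride: 1 for plain ASCII, 2 for UTF-16LE (ASCII code unit followed
// by NUL), which Windows binaries use for paths, registry keys and command
// lines and which an ASCII-only scan misses entirely.
func runs(data []byte, minLen, stride int) (out []string) {
	var cur []byte
	for i := 0; i <= len(data); {
		if i+stride <= len(data) && printable(data[i]) && (stride == 1 || data[i+1] == 0) {
			cur = append(cur, data[i])
			i += stride
			continue
		}
		if len(cur) >= minLen {
			out = append(out, string(cur))
		}
		cur, i = cur[:0], i+1
	}
	return out
}

// ExtractStrings is the strings(1) step: ASCII runs first, then wide runs.
func ExtractStrings(data []byte, minLen int) []string {
	return append(runs(data, minLen, 1), runs(data, minLen, 2)...)
}

var (
	reHxxp = regexp.MustCompile(`(?i)hxxp(s?)://`)
	defang = strings.NewReplacer("[.]", ".", "(.)", ".", "[://]", "://", "[:]//", "://", "[@]", "@")
	reURL  = regexp.MustCompile(`(?i)\b(?:https?|ftp)://[^\s"'<>]+`)
	reIPv4 = regexp.MustCompile(`\b(?:\d{1,3}\.){3}\d{1,3}\b`)
)

// Refang undoes common defanging (hxxp, [.], (.), [@]) so that one set of
// patterns matches both the raw and the defanged form.
func Refang(s string) string {
	return defang.Replace(reHxxp.ReplaceAllString(s, "http${1}://"))
}

// IOC is one indicator: Kind is "url" or "ipv4".
type IOC struct{ Kind, Value string }

func validIPv4(s string) bool { // keeps version strings such as 6.1.7601.17514 out
	for _, o := range strings.Split(s, ".") {
		if n, err := strconv.Atoi(o); err != nil || n > 255 {
			return false
		}
	}
	return true
}

// ExtractIOCs returns de-duplicated URLs and IPv4 addresses found in strs.
func ExtractIOCs(strs []string) []IOC {
	var out []IOC
	seen := map[IOC]bool{}
	add := func(kind, v string) {
		if ioc := (IOC{kind, v}); !seen[ioc] {
			seen[ioc], out = true, append(out, ioc)
		}
	}
	for _, s := range strs {
		s = Refang(s)
		for _, u := range reURL.FindAllString(s, -1) {
			add("url", u)
		}
		for _, ip := range reIPv4.FindAllString(s, -1) {
			if validIPv4(ip) {
				add("ipv4", ip)
			}
		}
	}
	return out
}

// Sample is a constructed blob standing in for an unknown file: header junk,
// the DOS stub banner, import names, a defanged URL, a UTF-16LE path, an
// IP:port string and a product version that must not be reported as an IOC.
func Sample() []byte {
	var b bytes.Buffer
	b.Write([]byte{'M', 'Z', 0x90, 0, 3, 0, 0, 0})
	b.WriteString("This program cannot be run in DOS mode.\x00\x00")
	b.Write([]byte{0xff, 0x15, 0x20, 0x10, 0x40, 0x00})
	b.WriteString("kernel32.dll\x00WinExec\x00")
	b.WriteString("hxxp://update[.]example[.]com/payload.bin\x00\x00")
	for _, c := range []byte(`C:\Users\Public\run.exe`) {
		b.Write([]byte{c, 0})
	}
	b.WriteString("\x00\x00connect 10.0.0.1:4444\x006.1.7601.17514\x00")
	return b.Bytes()
}

func main() {
	strs := ExtractStrings(Sample(), 4)
	fmt.Println("strings:", strs)
	fmt.Println("iocs:", ExtractIOCs(strs))
}
```

Running it lists the DOS stub banner, kernel32.dll, WinExec, the defanged URL, the wide-string path and the connect string, and reports two IOCs: http://update.example.com/payload.bin and 10.0.0.1. The product version is skipped by the octet check. Real binaries also yield thousands of junk runs, so in practice the strings output is ranked or filtered before it reaches the IOC patterns.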

3- Packer detection and unpacking

Currently only PE x86 files are supported.
Unpack engine: unpac.me
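The binary scan in section 2 and the PE x86 restriction in section 3 come down to the same two questions: what container is this, and what does it import? The added Go example below answers both with the standard library's debug/pe, debug/elf and debug/macho packages, dispatching on the file's magic bytes. It is not Florentino's own code, and the page does not say which parser the project uses. minimalPE32 and minimalELF64 are constructed header-only inputs (enough to identify format and architecture, with no import tables) so the example runs offline; a real run passes the bytes from os.ReadFile:

```go
package main

import (
	"bytes"
	"debug/elf"
	"debug/macho"
	"debug/pe"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// Report is what the binary scan yields for one file.
type Report struct {
	Format, Arch string   // PE, ELF, Mach-O or unknown; PE arch as x86, x64 or arm64
	Libs, Syms   []string // imported libraries and symbols
}

var peArch = map[uint16]string{pe.IMAGE_FILE_MACHINE_I386: "x86", pe.IMAGE_FILE_MACHINE_AMD64: "x64", pe.IMAGE_FILE_MACHINE_ARM64: "arm64"}

// Inspect identifies the container by its magic bytes and reads the imports
// with the standard library's debug/* parsers. Parse errors are returned, not
// hidden: an MZ file that is not a valid PE is itself a triage finding.
func Inspect(data []byte) (Report, error) {
	r := bytes.NewReader(data)
	switch {
	case bytes.HasPrefix(data, []byte("MZ")):
		f, err := pe.NewFile(r)
		if err != nil {
			return Report{Format: "PE"}, err
		}
		rep := Report{Format: "PE", Arch: peArch[f.Machine]}
		syms, err := f.ImportedSymbols() // entries are "name:dll"; ImportedLibraries is a stub in debug/pe
		if err != nil {
			return rep, err
		}
		seen := map[string]bool{}
		for _, s := range syms {
			rep.Syms = append(rep.Syms, s)
			if i := strings.LastIndexByte(s, ':'); i >= 0 && !seen[s[i+1:]] {
				seen[s[i+1:]] = true
				rep.Libs = append(rep.Libs, s[i+1:])
			}
		}
		return rep, nil
	case bytes.HasPrefix(data, []byte(elf.ELFMAG)):
		f, err := elf.NewFile(r)
		if err != nil {
			return Report{Format: "ELF"}, err
		}
		rep := Report{Format: "ELF", Arch: f.Machine.String()}
		if rep.Libs, err = f.ImportedLibraries(); err != nil {
			return rep, err
		}
		syms, err := f.ImportedSymbols() // no .dynsym (static or stripped) is ErrNoSymbols: empty, not fatal
		if err != nil && !errors.Is(err, elf.ErrNoSymbols) {
			return rep, err
		}
		for _, s := range syms {
			rep.Syms = append(rep.Syms, s.Name+"@"+s.Library)
		}
		return rep, nil
	case len(data) >= 4 && (binary.LittleEndian.Uint32(data)&^1 == macho.Magic32 || binary.BigEndian.Uint32(data)&^1 == macho.Magic32):
		f, err := macho.NewFile(r) // Magic64 differs from Magic32 in the low bit only
		if err != nil {
			return Report{Format: "Mach-O"}, err
		}
		rep := Report{Format: "Mach-O", Arch: f.Cpu.String()}
		if rep.Libs, err = f.ImportedLibraries(); err != nil {
			return rep, err
		}
		var fe *macho.FormatError // a missing LC_SYMTAB/LC_DYSYMTAB is reported as a FormatError
		if rep.Syms, err = f.ImportedSymbols(); err != nil && !errors.As(err, &fe) {
			return rep, err
		}
		return rep, nil
	}
	return Report{Format: "unknown"}, nil
}

// minimalPE32 and minimalELF64 are constructed header-only files.
func minimalPE32() []byte {
	b := make([]byte, 0x80+4+20) // DOS header, "PE\0\0", COFF file header
	copy(b, "MZ")
	binary.LittleEndian.PutUint32(b[0x3c:], 0x80) // e_lfanew
	copy(b[0x80:], "PE\x00\x00")
	binary.LittleEndian.PutUint16(b[0x84:], pe.IMAGE_FILE_MACHINE_I386)
	return b
}

func minimalELF64() []byte {
	b := make([]byte, 64) // Elf64_Ehdr with no program or section headers
	copy(b, elf.ELFMAG)
	b[elf.EI_CLASS], b[elf.EI_DATA], b[elf.EI_VERSION] = byte(elf.ELFCLASS64), byte(elf.ELFDATA2LSB), byte(elf.EV_CURRENT)
	binary.LittleEndian.PutUint16(b[16:], uint16(elf.ET_EXEC))
	binary.LittleEndian.PutUint16(b[18:], uint16(elf.EM_X86_64))
	binary.LittleEndian.PutUint32(b[20:], uint32(elf.EV_CURRENT))
	return b
}

func main() { fmt.Println(Inspect(minimalPE32())); fmt.Println(Inspect(minimalELF64())) }
```

Two caveats a practitioner will hit: debug/pe's ImportedLibraries is a stub, so the DLL names are recovered from the "name:dll" entries of ImportedSymbols, and a statically linked ELF has no .dynsym, which the parser reports as elf.ErrNoSymbols rather than as an empty list. Fat (universal) Mach-O files start with 0xcafebabe, fall through to "unknown" here and would need macho.NewFatFile to walk each slice. The Arch field is the gate for the unpacking step above: only a PE reporting "x86" is a candidate for unpac.me.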

4- Report

All reports are stored as text files in the data directory.

Please note that Florentino is not a reversing suite; its only aim is to speed up the first pass of an analysis. Florentino is modular and easy to extend with your own tools.

Version

1.0.1-alpha

Installation and Usage

Usage

Florentino is straightforward to use: install the dependencies and set up the .evn file (an example is given below).

  • Download D.I.E
  • Download Floss
  • pip3 install iocextract

Build and Run

  • cd cmd
  • mkdir data
  • touch .evn
  • example .evn
DIEC_PATH=/tools/diec
FLOSS_PATH=/tools/floss
VIRUSTOTAL_API=YOUR_API_KEY

  • go build main
  • Florentino -f FILE-TO-ANALYZE
  • the report will then be available in the data directory

Download Florentino
