ANSSI-FR/DECODE
Malware detection tool for Windows PE files based on DFIR ORC data
When investigating a potentially compromised Windows system, this tool helps forensic analysts quickly identify suspicious executable files (PE files). You feed it forensic data collected by DFIR-ORC, specifically NTFSInfo and ListDlls data, and it outputs a prioritized list of executable files ranked by how anomalous they appear, along with visual aids. This helps incident responders focus their manual analysis on the most likely threats during compromise assessments.
Use this if you need to rapidly pinpoint potentially malicious or anomalous Windows executable files within a large dataset of forensic metadata from a compromised system.
Not ideal if you need deep analysis of binary content or are looking for a tool that relies on pre-trained threat intelligence models.
Stars: 11
Forks: 2
Language: Python
License: BSD-3-Clause
Category:
Last pushed: Mar 07, 2026
Commits (30d): 0
Higher-rated alternatives
rednaga/APKiD
Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android
0xfke/Malware-Detection-and-Analysis-using-Machine-Learning
Malware🦠Detection and Analysis using Machine Learning (MDAML) is designed to provide users with...
rieck/malheur
A Tool for Automatic Analysis of Malware Behavior
AFAgarap/malware-classification
Towards Building an Intelligent Anti-Malware System: A Deep Learning Approach using Support...
Kiinitix/Malware-Detection-using-Machine-learning
Anomaly based Malware Detection using Machine Learning (PE and URL)