Freki – Malware Analysis and Reverse Engineering Tool


What is Freki?

Freki is a free and open-source malware analysis platform. It was built to facilitate malware analysis and reverse engineering. It also provides a REST API, so you can query and use it in different projects.

Freki is now available on Github also refer Online Documentation for more info.

Important Features:

The current version of Freki supports the following features:

Hash extraction:

Hashes are the products of cryptographic algorithms designed to produce a string of characters. While comparing to MD5 & SHA-1 there’s some occurrence of collision in the results, For example, A safe file and a malicious file that result with the same MD5 or SHA-1 hash. In order to avoid this, you should prefer SHA-256 whenever possible.
Types: MD5, SHA-1, SHA-256, SHA-384, SHA-512, CRC32, and SSDEEP.

VirusTotal API queries:

VirusTotal API helps us to upload and scan files or URLs, IP addresses, and Domain Hashes. Once the scanning finished scanned reports and make automatic comments without the need of using the website interface. With that report, we can able to see the File properties, History like the creation of the file, etc., Although it’s a great tool for analyzing different files, it has some limitations like you need to pay for downloading samples.

Download samples for free:

In Freki, We don’t want to pay for downloading samples.

Static analysis of PE files:

The static analysis consists of examining, without executing the given samples and viewing the actual instructions. It’s used to determine whether a file is malicious, provide information about its functionality, and sometimes provide information that will allow you to produce simple network signatures. It consisting of Headers, sections, imports, capabilities, and strings.

Also Read: Latest IOCs – Threat Actor URLs , IP’s & Malware Hashes

Pattern matching with Yara:

YARA is a pattern matching framework that helps us to identify malicious content by defining complex patterns and signatures. The target can be a file, a folder, or a process. Rule files can be passed directly in source code form or can be previously compiled with the yarac tool.

Also Read : What is Threat Intelligence – Importance , CTI Lifecycle & Pyramid of Pain

Web interface and REST API:

REST API (Representational State Transfer) is a standardized architecture style for creating a Web Service API. Web service is used for REST, SOAP, and XML-RPC for communication. Simply it’s the utilization of HTTP methods to make a request over a network. For Example, One or more URL endpoints with a domain, port, path, and query string.

User management:

Users are able to create their own accounts for sample submission and API usages.


Community comments:

Users can comment and discuss their samples.

Freki is very easy, you can do it via Docker or installing everything by hand. Please check the administrator documentation for more details. Anyone who wants a malware analysis tool running locally or publicly. You can use it with a small group of friends or make your instance available to all world.

Previous articleFree Automated Malware Analysis Sandboxes for Incident Response
Next articleCooking Malicious Phishing Email Headers with CyberChef
Priyadharshini Balaji
A passionate security researcher in Malware and Penetration Testing.


Please enter your comment!
Please enter your name here