Thursday 23 May 2019

Sojobo - A Binary Analysis Framework

Sojobo - A Binary Analysis Framework of Potentially Malicious Files

Sojobo - A Binary Analysis Framework

Sojobo is an emulator for the B2R2 framework. It was created to easier the analysis of potentially malicious files. It is totally developed in .NET so you don't need to install or compile any other external libraries (the project is self contained).

With Sojobo you can:

  • Emulate a (32 bit) PE binary
  • Inspect the memory of the emulated process
  • Read the process state
  • Display a disassembly of the executed code
  • Emulate functions in a managed language (C# || F#)


Using Sojobo

Sojobo is intended to be used as a framework to create program analysis utilities. However, various sample utilities were created in order to show how to use the framework in a profitable way.


In order to compile Sojobo you need .NET Core to be installed and Visual Studio. To compile just run build.bat.


Post a Comment

Note: only a member of this blog may post a comment.

Toggle Footer