Paper: FAME - Friendly Malware Analysis Framework

Posted by   Martijn Grooten on   Nov 2, 2017

As someone who spends most of his time talking to people who work for security vendors, I am always impressed by the amount of security research that takes place in the real world, at companies and organizations large enough to have teams dedicated to analysing the threats they are facing.

One such company is the French bank Société Générale, whose CERT I have come to know through its involvement in Botconf. So when, during VB2017, Alex Kouzmine and Frank Bitsch from this CERT approached me and asked if they could give a short presentation on their malware analysis framework, I was more than happy to allocate them one of the free slots in the Small Talk room.

They gave a short, but well-received talk on FAME, a 'Friendly Malware Analysis Framework' – an open source framework that should help make the important task of analysing the various threats an organization is facing both faster and easier. In the researchers' own case, for instance, the framework helps them determine quickly whether a new variant of a banking trojan targets their employer.


Creating a FAME module is as simple as creating a Python class.

Alex and Frank wrote a short paper to complement their talk, which we publish today both in HTML and PDF format.



Latest posts:

Standalone product test: FireEye Endpoint

Virus Bulletin ran a standalone test on FireEye's Endpoint Security solution.

VB2017 video: Consequences of bad security in health care

Jelena Milosevic, a nurse with a passion for IT security, is uniquely placed to witness poor security practices in the health care sector, and to fully understand the consequences. Today, we publish the recording of a presentation given by Jelena at…

Vulnerabilities play only a tiny role in the security risks that come with mobile phones

Both bad news (all devices were pwnd) and good news (pwning is increasingly difficult) came from the most recent mobile Pwn2Own competition. But the practical security risks that come with using mobile phones have little to do with vulnerabilities.

VB2017 paper: The (testing) world turned upside down

At VB2017 in Madrid, industry veteran and ESET Senior Research Fellow David Harley presented a paper on the state of security software testing. Today we publish David's paper in both HTML and PDF format.

VB2017 video: Turning Trickbot: decoding an encrypted command-and-control channel

Trickbot, a banking trojan which appeared this year, seems to be a new, more modular, and more extensible malware descendant of the notorious Dyre botnet trojan. At VB2017, Symantec researcher Andrew Brandt presented a walkthrough of a typical…