What is JAMA? JAMA is an open source malware analysis tool.
To use this version of JAMA, you need to:
1) Run the XMLRPC server using xmlrpc_dumper.py (on a dedicated server or in a virtual machine). Configure the paths of the tools in config.py before running the server.
2) Connect to the server using xmlrpc_client.py.
Build a Windows guest using VMware and forward port 8000 between the guest and the host.
Run the XMLRPC server in the guest: $ python xmlrpc_dumper.py 8000
When the server is ready, execute the following commands in the host:
$ cd $JAMA_PATH
$ python xmlrpc_client.py http://localhost:8000
After a while, a static report and a dynamic behavior report will be found in the output directory.
If you want to test the availability of a node or a list of nodes, edit the file servers.conf, adding the corresponding nodes, and execute the command:
$ python xmlrpc_tester.py
The file servers.conf is also used by xmlrpc_client.py to randomly select a node to connect to. The command to run is the following:
$ python xmlrpc_client.py auto
Suppose you have 3 nodes (node1, node2 and node3) and a directory with many malware samples ($JAMA_PATH/samples, for this example). To analyze all of them, simply follow these steps:
1) Edit servers.conf as:
http://node1:8000/
http://node2:8000/
http://node3:8000/
2) $ cd $JAMA_PATH
$ xmlrpc_tester.py
[Thu Dec 2 13:08:54 2010] Status of server http://node1:8000/ is [ALIVE]
[Thu Dec 2 13:08:54 2010] Status of server http://node2:8000/ is [ALIVE]
[Thu Dec 2 13:08:54 2010] Status of server http://node3:8000/ is [ALIVE]
$ python batch_tester.py auto samples
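Added example, not part of the JAMA distribution: a minimal node availability check in the spirit of xmlrpc_tester.py, plus the random node choice that the auto mode of xmlrpc_client.py performs. It assumes servers.conf lists one node URL per line and that each node speaks XML-RPC on the forwarded port; the function names are my own.

```python
import http.client
import random
import socket
import time
import xmlrpc.client

# Constructed sample content of servers.conf (assumed format: one node URL
# per line; blank lines and '#' comments are ignored).
SAMPLE_CONF = """# JAMA analysis nodes
http://node1:8000/
http://node2:8000/

http://node3:8000/
"""

def parse_servers_conf(text):
    """Return the node URLs listed in servers.conf, in file order."""
    nodes = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            nodes.append(line)
    return nodes

def probe_node(url, timeout=5.0, proxy_factory=xmlrpc.client.ServerProxy):
    """True if the node's XML-RPC server answers; proxy_factory is injectable
    so the check can be exercised offline."""
    socket.setdefaulttimeout(timeout)  # ServerProxy takes no timeout argument
    try:
        proxy_factory(url).system.listMethods()
        return True
    except xmlrpc.client.Fault:
        return True   # answered in XML-RPC, just without introspection enabled
    except (OSError, http.client.HTTPException, xmlrpc.client.ProtocolError):
        return False  # refused, timed out, DNS failure or not an XML-RPC endpoint

def status_line(url, alive, when=None):
    """One line in xmlrpc_tester.py's output format; 'when' is an optional
    9-tuple/struct_time so that output is reproducible."""
    stamp = time.asctime(when) if when is not None else time.asctime()
    return "[%s] Status of server %s is [%s]" % (stamp, url, "ALIVE" if alive else "DEAD")

def pick_node(nodes, rng=random):
    """Choose a node at random, as 'xmlrpc_client.py auto' does."""
    return rng.choice(nodes)

if __name__ == "__main__":
    nodes = parse_servers_conf(open("servers.conf").read())
    for n in nodes:
        print(status_line(n, probe_node(n)))
```

A node that is down is reported as [DEAD] instead of raising, so the check can run unattended before a batch is dispatched.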
Licensed under the GNU General Public License Version 3.
Author: Qin Liu
Email: lqgy2001 [AT] gmail [DOT] com