We had 9 LLMs battle on real-world #malware triage and static unpacking tasks, using only #Malcat MCP server.

We compared not only their results, but also their speed and cost.

Full write-up:
https://malcat.fr/blog/benchmarking-llms-for-malware-triage-and-static-unpacking-with-malcat/

#Malcat 0.9.14 is out!

This is a maintenance build, with some bonuses:

● AccessDB parsing
● RAR unpacking
● UPX (static) unpacking
● Improved __noreturn detection
● ... and as usual, up-to-date signature, constants and Kesakode DBs.

Happy reversing!

In Malcat, hitting <Ctrl+M> will start the in-GUI MCP server (works in free version too). You can then interact with the current analysis using your LLM of choice.

Here I renamed functions and variables of the C2 dispatcher function for an unknown malware:

We're happy to announce that #malcat 0.9.13 is out!

You'll find a new Apple-silicon macOS port, two integrated MCP servers (in-GUI + headless) for automated triage and an improved interface:

https://malcat.fr/blog/0913-is-out-macos-port-mcp-server-and-dark-mode

Quick peek at the upcoming 0.9.3 release. It will also feature a 100% headless MCP server for full and pro users.

Sometimes, the absence of a signature match is also interesting. Here is the #Chrysalis sideloaded DLL, where we can quickly spot the few interesting functions.

Make sure to check "Show UNK"!

A quick update on Malcat's macOS development (Apple silicon):

A couple of visual glitches, but the analysis & UI are now functional \o/

#malcat 0.9.12 is out!

Enjoy .pyc and .NET stack analysis, Python 3.14 support, Nuitka / Inno 6.7 / .NET single-file bundle parsers and many other improvements:

https://malcat.fr/blog/0912-is-out-python-314-pyc-and-net-stack-analysis/

0.9.12 is out: Python 3.14, PYC and .NET stack analysis

Malcat version 0.9.12 is out! This time we have focused on Python and .NET disassembly, with a new stack analysis that should improve the readability of their disassembly listings. We have also added support for Python 3.14 and packed in a large number of minor improvements.


#kesakode DB update to 1.0.48:

● new sigs: Crazyhunter, Echogather, IranBot, MaskGramStealer, PulsarRat and Themeforestrat
● 9 existing entries updated
● FP-fixed signatures: 82
● 1146 new clean programs whitelisted
● +527K unique functions
● +700K unique strings

#Malcat tip:

#Kesakode can be useful even when facing unknown/packed samples. Check "Show UNK" and focus on unique code and strings.

Here is a simple downloader: