
Speakeasy malware emulation framework

Project description

Speakeasy

Speakeasy is a Windows malware emulation framework that executes binaries, drivers, and shellcode in a modeled Windows runtime instead of a full VM. It emulates APIs, process/thread behavior, filesystem, registry, and network activity so samples can keep moving through realistic execution paths. You can run it from the speakeasy CLI for fast triage or embed it as a Python library and consume structured JSON reports.

Background context: Mandiant's overview post.

Quick start

Install from PyPI:

python3 -m pip install speakeasy-emulator

Run a sample and inspect high-level report fields (replace sample.dll with your target):

speakeasy -t sample.dll --no-mp -o report.json 2>/dev/null
jq '{sha256, arch, filetype, entry_points: (.entry_points | length)}' report.json
{
  "sha256": "30ec092d122a90441a2560f6778ef8233c98079cd34b7633f7bbc2874c8d7a45",
  "arch": "x86",
  "filetype": "dll",
  "entry_points": 3
}

Executable proof for this snippet: doc/readme-quickstart-showboat.md.
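When reports are collected in bulk, it helps to confirm that each report.json belongs to the sample it is filed with before trusting its fields. The following is an added example, not code from the Speakeasy project: it reproduces the jq projection above in Python and checks the report's sha256 against the sample bytes. It assumes the sha256 field is the SHA-256 of the emulated file; the function names, sample bytes, and report contents are constructed for illustration.

```python
import hashlib
import json

# Top-level fields shown in the quick start output above.
REQUIRED = ("sha256", "arch", "filetype", "entry_points")


def summarize_report(report: dict) -> dict:
    """Same projection as the jq filter, with basic shape checks."""
    missing = [k for k in REQUIRED if k not in report]
    if missing:
        raise ValueError(f"report is missing fields: {missing}")
    if not isinstance(report["entry_points"], list):
        raise ValueError("entry_points is not a list")
    return {
        "sha256": report["sha256"],
        "arch": report["arch"],
        "filetype": report["filetype"],
        "entry_points": len(report["entry_points"]),
    }


def report_matches_sample(report: dict, sample_bytes: bytes) -> bool:
    """True when the report's sha256 equals the digest of sample_bytes.

    Assumption: the report's sha256 is the SHA-256 of the emulated file.
    """
    digest = hashlib.sha256(sample_bytes).hexdigest()
    return str(report.get("sha256", "")).lower() == digest


def triage(report_text: str, sample_bytes: bytes) -> dict:
    """Parse a report, summarize it, and record whether it matches the sample."""
    report = json.loads(report_text)
    summary = summarize_report(report)
    summary["matches_sample"] = report_matches_sample(report, sample_bytes)
    return summary


# Constructed inputs: placeholder bytes and a hand-built report, not real output.
SAMPLE = b"MZ constructed placeholder bytes, not a real sample"
REPORT_TEXT = json.dumps({
    "sha256": hashlib.sha256(SAMPLE).hexdigest(),
    "arch": "x86",
    "filetype": "dll",
    "entry_points": [{}, {}, {}],  # entry point contents left empty on purpose
})

if __name__ == "__main__":
    print(json.dumps(triage(REPORT_TEXT, SAMPLE), indent=2))
```

A report whose matches_sample is false should be re-generated rather than used, since its fields describe a different file.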

Documentation map

Start here

CLI usage

Reports, configuration, and runtime behavior

Debugging and extension

Questions and help

Start with doc/help.md.

If you still need help, open an issue at github.com/mandiant/speakeasy/issues.



Download files


Source Distribution

speakeasy_emulator_refined-2.0.0b1.tar.gz (283.9 kB)

Uploaded Source

Built Distribution


speakeasy_emulator_refined-2.0.0b1-py3-none-any.whl (343.8 kB)

Uploaded Python 3

File details

Details for the file speakeasy_emulator_refined-2.0.0b1.tar.gz.


File hashes

Hashes for speakeasy_emulator_refined-2.0.0b1.tar.gz
Algorithm Hash digest
SHA256 f75a37a1abeb854ca795b7646b75e6d45f994574ca56d79db1e0404c961c54af
MD5 d1d946636b46cfaab650af9fd215f636
BLAKE2b-256 57d68728f3a638f19d2b5bec3af31f99fc5993b837147a94ff87c1c682b42ad9


File details

Details for the file speakeasy_emulator_refined-2.0.0b1-py3-none-any.whl.


File hashes

Hashes for speakeasy_emulator_refined-2.0.0b1-py3-none-any.whl
Algorithm Hash digest
SHA256 7e03f1616fbef7ad93629ae9f1470c89c11cc955e4c5b6c797d61d4cc78d6add
MD5 aaf4faaaf389529cd039056cf5339aaa
BLAKE2b-256 d7ad375e3ab1b711f6efdeaaedeff749bb00217ca1f7a211bc0b88b731e24677

