A simplified command-line interface for extracting the Machoc hash of a PE executable using Metasm. The code is based on the Polichombr framework, and most of the code is directly copied from AnalyzeIt.rb.
This script allows the extraction of a Machoc hash without having to install or invoke the whole Polichombr framework.
The only dependency is Metasm, which can be installed with:

    gem install metasm

To extract the Machoc hash of an executable, run:

    ruby machoc.rb /path/to/pe_executable.exe

Extracting the Machoc hash of executables with complex code seems to be quite slow and can require up to 20 seconds on an Intel Core i5-7200U, but the mean execution time seems to be somewhere between 3 and 4 seconds per file when experimenting on a dataset of malicious executables.
Similar experiments using the Python+Radare2 implementation Machoke, commit 59afbbc, indicate that this Ruby implementation calculates Machoc hashes approximately 40% faster.