MalwareHunter

What is MalwareHunter

In three words, MalwareHunter is a malware analysis application. What does that mean? It simply means that you can throw any suspicious file at it and it will give you back some static information as well as a detailed report outlining what the file did when executed inside an isolated environment.

Install Requirements

$ sudo apt-get install virtualbox virtualbox-guest-additions
$ VBoxManage sharedfolder add "winxp" \
    --name "malware" \
    --hostpath "/Users/<user>/Desktop/vbox/malware" \
    --readonly
C:\> net use X: \\vboxsvr\malware /PERSISTENT:YES
$ VBoxManage snapshot "winxp" take "cleanimg"
$ svn checkout http://volatility.googlecode.com/svn/trunk Volatility
$ apt-get install snort inetsim tshark

Install and Run

$ git clone https://github.com/abdesslem/malwareHunter.git
$ cd malwareHunter

Run the tool from the command line, or as a web application:

$ python main.py
$ python mainGui.py

Purpose

The purpose of the malwareHunter is to determine:

And these functionalities are achieved as follows:

Components

Modules

To get information about the file, such as URLs, strings, packers and anti-debug tricks, we use the peframe modules. This directory contains the code responsible for the static analysis.
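The static pass described above (section table, strings, URLs, packer hints) can be illustrated without peframe. The following is an added example written for this page, not code from the malwareHunter project or from peframe: a minimal stdlib-only PE walker that reads the section table, computes per-section entropy as a packer heuristic, and pulls printable strings and URLs from the file. The sample input is a constructed PE-shaped byte string built by `build_sample_pe()`; it is not a loadable binary, and the `.text`/`.packed` section names and the `http://example.invalid/beacon` string are constructed values.

```python
import math
import re
import struct
from collections import namedtuple

Section = namedtuple("Section", "name raw_size entropy")

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 when every byte value occurs equally often."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(data: bytes):
    """Walk DOS header -> e_lfanew -> COFF header -> section table and score each section."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + size_opt  # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        off = table + 40 * i  # each IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        body = data[raw_ptr:raw_ptr + raw_size]  # slicing tolerates a truncated file
        sections.append(Section(name, raw_size, round(shannon_entropy(body), 2)))
    return sections


def extract_strings(data: bytes, min_len: int = 4):
    """Printable ASCII runs of at least min_len bytes, like the classic strings(1)."""
    return [m.group().decode("ascii") for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def extract_urls(strings):
    return sorted({u for s in strings for u in URL_RE.findall(s)})


def packer_hint(sections, threshold: float = 7.0):
    """Sections near 8 bits/byte are usually compressed or encrypted, a common sign of packing."""
    return [s.name for s in sections if s.entropy >= threshold]


def analyse(data: bytes) -> dict:
    sections = parse_sections(data)
    strings = extract_strings(data)
    return {
        "sections": sections,
        "urls": extract_urls(strings),
        "packed": packer_hint(sections),
        "string_count": len(strings),
    }


def build_sample_pe() -> bytes:
    """Constructed PE-shaped input (not loadable): one plain section and one uniform-byte section."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    plain = b"http://example.invalid/beacon\0kernel32.dll\0".ljust(128, b"\0")
    packed = bytes(range(256)) * 4  # every byte value four times -> entropy exactly 8.0
    num_sections, size_opt = 2, 0  # no optional header; enough for the section-table walk
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, num_sections, 0, 0, 0, size_opt, 0x0102)
    data_start = e_lfanew + len(coff) + 40 * num_sections

    def header(name, body, raw_ptr):
        return name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", len(body), 0x1000, len(body), raw_ptr, 0, 0, 0, 0, 0x60000020)

    table = header(b".text", plain, data_start) + header(b".packed", packed, data_start + len(plain))
    return dos + coff + table + plain + packed


if __name__ == "__main__":
    for key, value in analyse(build_sample_pe()).items():
        print(key, value)
```

Entropy alone is a hint, not a verdict: resource sections holding compressed images or embedded certificates also score high, so a practitioner pairs it with section names, import counts and the overlay size before calling a file packed.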

Web

The project's web interface is built with Bottle. Bottle is a fast, simple and lightweight WSGI micro web-framework for Python. It is distributed as a single file module and has no dependencies other than the Python Standard Library.
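A sample-upload endpoint is the one place where the web interface touches untrusted input, so it is worth showing how a Bottle route can accept a file without letting the client choose the on-disk path. The following is an added example written for this page, not the project's own `mainGui.py`: the route name `/upload`, the form field `sample`, the `MAX_UPLOAD` cap and the upload directory are all assumed. Samples are stored under their SHA-256 with mode 0600 so the uploaded filename never reaches the filesystem and the file is never executable. Bottle is imported lazily inside `make_app()` so the storage logic can be exercised without Bottle installed.

```python
import hashlib
import io
import os
import tempfile

MAX_UPLOAD = 32 * 1024 * 1024  # assumed 32 MiB cap on a single sample


def safe_store(stream, upload_dir: str, max_bytes: int = MAX_UPLOAD) -> str:
    """Read at most max_bytes from stream, store it as <upload_dir>/<sha256>, return the digest."""
    data = stream.read(max_bytes + 1)  # read one byte past the cap to detect oversize uploads
    if len(data) > max_bytes:
        raise ValueError("upload exceeds size limit")
    digest = hashlib.sha256(data).hexdigest()
    os.makedirs(upload_dir, exist_ok=True)
    path = os.path.join(upload_dir, digest)  # no user-controlled path component
    with open(path, "wb") as fh:
        fh.write(data)
    os.chmod(path, 0o600)  # readable by the analysis user only, never executable
    return digest


def make_app(upload_dir: str):
    """Bottle wiring for the assumed /upload route; imported lazily so the module loads without Bottle."""
    from bottle import Bottle, HTTPError, request

    app = Bottle()

    @app.post("/upload")
    def upload():
        part = request.files.get("sample")
        if part is None:
            raise HTTPError(400, "missing 'sample' field")
        try:
            digest = safe_store(part.file, upload_dir)
        except ValueError as exc:
            raise HTTPError(413, str(exc))
        return {"sha256": digest}  # Bottle serialises a dict return value as JSON

    return app


def demo():
    """Store a constructed sample in a temp dir; returns (digest, exists, mode, expected_digest)."""
    tmp = tempfile.mkdtemp()
    payload = b"MZ" + b"\0" * 60 + b"constructed sample body"  # constructed, not a real binary
    digest = safe_store(io.BytesIO(payload), tmp)
    stored = os.path.join(tmp, digest)
    mode = oct(os.stat(stored).st_mode & 0o777)
    return digest, os.path.exists(stored), mode, hashlib.sha256(payload).hexdigest()


def rejects_oversize() -> bool:
    """True when a 10-byte upload is refused under a 5-byte cap."""
    try:
        safe_store(io.BytesIO(b"x" * 10), tempfile.mkdtemp(), max_bytes=5)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    from bottle import run
    run(make_app(os.path.join(tempfile.gettempdir(), "uploads")), host="127.0.0.1", port=8080)
```

Binding to 127.0.0.1 keeps the interface off the network by default; a sandbox front end that accepts arbitrary executables should not be reachable from the guest VM's network segment.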

Sandbox

To be able to collect valuable data, it's important to run the sample in an isolated environment and automate the process of dynamic analysis.
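The install steps above (read-only shared folder, `cleanimg` snapshot, tshark, Volatility) and this section together describe one run loop: restore the clean snapshot, start the guest, capture traffic while the sample runs, dump memory, power off, restore again. The following is an added example written for this page, not the project's `main.py`, that turns that loop into a command plan. The VM name `winxp`, snapshot `cleanimg`, share name and host path come from the README; the host-only interface `vboxnet0`, the work directory and the 120-second run length are assumptions. How the sample is launched inside the guest (from the mapped `X:` drive) is not described on the page and is left out; the plan assumes it happens during the capture window. `VBoxManage debugvm ... dumpvmcore` writes an ELF core that Volatility can read.

```python
import shlex
import shutil
import subprocess
from dataclasses import dataclass
from pathlib import Path
from typing import List

Argv = List[str]


@dataclass
class SandboxConfig:
    vm: str = "winxp"                                   # VM name from the README
    snapshot: str = "cleanimg"                          # clean-state snapshot from the README
    share_name: str = "malware"
    share_path: str = "/Users/<user>/Desktop/vbox/malware"
    capture_iface: str = "vboxnet0"                     # assumed host-only interface of the guest
    work_dir: str = "/tmp/malwarehunter"                # assumed output location


def provision_commands(cfg: SandboxConfig) -> List[Argv]:
    """One-time setup: a read-only share (guest cannot write back to the host) and a clean snapshot."""
    return [
        ["VBoxManage", "sharedfolder", "add", cfg.vm, "--name", cfg.share_name,
         "--hostpath", cfg.share_path, "--readonly"],
        ["VBoxManage", "snapshot", cfg.vm, "take", cfg.snapshot],
    ]


def run_commands(cfg: SandboxConfig, sample: Path, timeout_s: int = 120) -> List[Argv]:
    """Per-sample loop. Both restores matter: the first guarantees a known state, the
    second discards whatever the sample changed so nothing leaks into the next run."""
    out = Path(cfg.work_dir) / sample.stem
    return [
        ["VBoxManage", "snapshot", cfg.vm, "restore", cfg.snapshot],
        ["VBoxManage", "startvm", cfg.vm, "--type", "headless"],
        # tshark stops on its own after timeout_s seconds (-a duration:N)
        ["tshark", "-i", cfg.capture_iface, "-a", f"duration:{timeout_s}", "-w", str(out / "traffic.pcap")],
        ["VBoxManage", "debugvm", cfg.vm, "dumpvmcore", "--filename", str(out / "memory.elf")],
        ["VBoxManage", "controlvm", cfg.vm, "poweroff"],
        ["VBoxManage", "snapshot", cfg.vm, "restore", cfg.snapshot],
    ]


def stage_sample(cfg: SandboxConfig, sample: Path) -> Path:
    """Copy the sample into the shared folder; the guest sees it under X:\\ (read-only share)."""
    dest = Path(cfg.share_path) / sample.name
    shutil.copyfile(sample, dest)
    return dest


def execute(commands: List[Argv], dry_run: bool = True) -> List[str]:
    """Render each argv as a shell line; with dry_run=False also run them in order, stopping on failure."""
    rendered = [shlex.join(argv) for argv in commands]
    if not dry_run:
        for argv in commands:
            subprocess.run(argv, check=True)
    return rendered


if __name__ == "__main__":
    cfg = SandboxConfig()
    for line in execute(provision_commands(cfg)) + execute(run_commands(cfg, Path("sample.exe"))):
        print(line)
```

Keeping the guest on a host-only interface with inetsim answering DNS and HTTP is what makes the pcap useful: the sample sees a network that responds, but nothing leaves the host.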
