{"id":50709258,"url":"https://github.com/masteribro/dynamic-malware-detection","last_synced_at":"2026-06-09T14:01:54.367Z","repository":{"id":344664935,"uuid":"1158411543","full_name":"masteribro/dynamic-malware-detection","owner":"masteribro","description":"A behavioral-based malware analysis tool that monitors and classifies program activities in real-time using sandboxing techniques.","archived":false,"fork":false,"pushed_at":"2026-06-01T12:58:53.000Z","size":260,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-01T14:25:58.702Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://v0-dynamic-malware-detection.vercel.app","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/masteribro.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-15T10:26:28.000Z","updated_at":"2026-06-01T12:59:08.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/masteribro/dynamic-malware-detection","commit_stats":null,"previous_names":["masteribro/dynamic-malware-detection"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/masteribro/dynamic-malware-detection","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/masteribro%2Fdynamic-malware-detection","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/masteribro%2Fdynamic-malware-detection/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/masteribro%2Fdynamic-malware-detection/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/masteribro%2Fdynamic-malware-detection/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/masteribro","download_url":"https://codeload.github.com/masteribro/dynamic-malware-detection/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/masteribro%2Fdynamic-malware-detection/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34110012,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-09T02:00:06.510Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-06-09T14:01:53.278Z","updated_at":"2026-06-09T14:01:54.349Z","avatar_url":"https://github.com/masteribro.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# MalwareGuard — Dynamic Malware Detection System\n\nA web-based malware detection platform that combines static file analysis, YARA signature scanning, VirusTotal API integration, MalwareBazaar lookups, entropy analysis, and behavioural simulation to classify files as benign, suspicious, or malicious.\n\n---\n\n## Features\n\n- **User Authentication** — Login/registration with role-based access (Admin / Analyst)\n- **Real File Scanning** — Upload a file and get verdicts from VirusTotal (70+ AV engines), MalwareBazaar, and YARA rules\n- **Behavioural Simulation** — Simulate program behaviour and classify using a weighted heuristic scoring model\n- **YARA Signatures** — Detect process injection, ransomware, trojans, and more via custom YARA rules\n- **Entropy Analysis** — Flags packed or encrypted binaries using Shannon entropy\n- **Suspicious String Extraction** — Identifies dangerous API calls and keywords in binary files\n- **History \u0026 Statistics** — Searchable analysis history with detection rate charts\n- **SQLite Database** — Persistent storage for all analyses\n\n---\n\n## Prerequisites\n\n- Python 3.8 or higher\n- pip\n- A VirusTotal API key (free tier works — sign up at https://www.virustotal.com)\n\n---\n\n## Setup \u0026 Installation\n\n### 1. Clone the repository\n\n```bash\ngit clone https://github.com/masteribro/dynamic-malware-detection.git\ncd dynamic-malware-detection\n```\n\n### 2. Create and activate a virtual environment\n\n```bash\npython3 -m venv .venv\nsource .venv/bin/activate       # macOS / Linux\n# OR\n.venv\\Scripts\\activate          # Windows\n```\n\n### 3. Install dependencies\n\n```bash\npip install -r requirements.txt\n```\n\n### 4. Configure your VirusTotal API key\n\nThe app reads the API key from a `config.py` file in the project root (this file is gitignored and must be created manually).\n\nCreate `config.py` in the project root:\n\n```python\nVIRUSTOTAL_API_KEY = 'your_virustotal_api_key_here'\n```\n\n**Alternative — use an environment variable instead:**\n\n```bash\nexport VIRUSTOTAL_API_KEY='your_virustotal_api_key_here'\n```\n\n\u003e The app will fall back to the environment variable if `config.py` is not present. Without a valid API key, VirusTotal lookups will be skipped but all other detection methods (YARA, entropy, MalwareBazaar) will still work.\n\n### 5. (Optional) Set a custom secret key\n\nBy default the app uses a development secret key. For any serious deployment set:\n\n```bash\nexport SECRET_KEY='your-random-secret-key'\n```\n\n---\n\n## Running the Application\n\n```bash\nsource .venv/bin/activate       # make sure the virtual environment is active\npython3 web_interface/app.py\n```\n\nThe app starts on **http://localhost:8000**\n\n\u003e **Note for macOS users:** Port 5000 is blocked by AirPlay Receiver. The app uses port 8000 by default. You can override this with `export PORT=5001` before running.\n\n---\n\n## First-Time Login\n\n1. Open **http://localhost:8000** in your browser.\n2. Click **Register** to create an account.\n3. The **first registered user** is automatically assigned the **Admin** role. All subsequent users become Analysts.\n4. Log in and you will be taken to the dashboard.\n\n---\n\n## Usage\n\n### Real File Scan (Analyze Tab)\n\n1. Click the **Analyze** tab.\n2. Toggle to **Real File Scan**.\n3. Drag and drop or browse for a file (supported: `.exe`, `.dll`, `.pdf`, `.zip`, `.js`, `.ps1`, `.bat`, `.doc`, `.xls`, and more).\n4. Click **Scan File**.\n5. Results include:\n   - Verdict: **Malicious / Suspicious / Benign**\n   - VirusTotal engine breakdown\n   - MalwareBazaar hash match\n   - YARA rule hits\n   - Shannon entropy value\n   - Suspicious strings found\n   - MD5 / SHA-1 / SHA-256 hashes\n\n### Behavioural Simulation (Analyze Tab)\n\n1. Toggle to **Behavioural Simulation**.\n2. Enter a program name and select a behaviour type.\n3. The system simulates runtime behaviour, extracts 6 behavioural features, and classifies via weighted heuristic scoring.\n\n---\n\n## Environment Variables Reference\n\n| Variable | Required | Description |\n|---|---|---|\n| `VIRUSTOTAL_API_KEY` | Recommended | VirusTotal API v3 key for file/hash scanning |\n| `SECRET_KEY` | Optional | Flask session secret key (use a strong random value in production) |\n| `PORT` | Optional | Port to run the app on (default: `8000`) |\n\n---\n\n## Project Structure\n\n```\ndynamic-malware-detection/\n├── web_interface/\n│   ├── app.py              # Flask application (auth, routes, API endpoints)\n│   ├── scanner.py          # Real file scan pipeline (VT, YARA, entropy)\n│   ├── templates/\n│   │   ├── login.html\n│   │   ├── register.html\n│   │   └── index.html      # Main dashboard\n│   └── static/\n│       ├── css/style.css\n│       └── js/main.js\n├── src/\n│   ├── main.py             # DynamicMalwareDetector orchestrator\n│   ├── monitor/\n│   │   └── behavior_monitor.py   # Behaviour simulation\n│   ├── analysis/\n│   │   ├── feature_extractor.py  # 6-feature extraction\n│   │   ├── classifier.py         # Heuristic + ML classifier\n│   │   └── yara_integration.py   # YARA engine wrapper\n│   ├── data/\n│   │   └── dataset_generator.py\n│   ├── models/\n│   │   └── model_trainer.py\n│   ├── evaluation/\n│   │   └── evaluator.py\n│   └── reporting/\n│       └── report_generator.py\n├── yara_rules/\n│   ├── trojan_behaviors.yar      # Process injection, C2 patterns\n│   ├── ransomware_signatures.yar # Shadow copy deletion, encryption markers\n│   ├── trojan_droppers.yar\n│   └── worm_patterns.yar\n├── models/\n│   ├── ensemble_model.pkl        # Trained RandomForest + GradientBoosting\n│   └── scaler.pkl\n├── scripts/\n│   └── train_simple.py           # Train ML model on synthetic data\n├── tests/\n│   └── test_comprehensive.py\n├── reports/                      # Generated scan reports (JSON)\n├── uploads/                      # Temporary file upload directory\n├── requirements.txt\n├── config.py                     # YOUR API KEY — create this manually, not committed\n└── malware_detection.db          # SQLite database (auto-created on first run)\n```\n\n---\n\n## Troubleshooting\n\n**`ModuleNotFoundError: No module named 'flask'`**\n- You are not in the virtual environment. Run `source .venv/bin/activate` first.\n\n**`python: command not found`**\n- macOS uses `python3`. Always use `python3 web_interface/app.py`.\n\n**Port already in use**\n- Set a different port: `export PORT=8080` then rerun.\n\n**VirusTotal returns no results**\n- Check your API key in `config.py` or the `VIRUSTOTAL_API_KEY` environment variable.\n- Free-tier keys have a rate limit of 4 requests/minute and 500/day.\n\n**YARA rules not loading**\n- Ensure `yara-python` installed correctly: `pip install yara-python\u003e=4.3.0`\n- On Apple Silicon Macs you may need: `brew install yara` first.\n\n**Database errors**\n- Delete `malware_detection.db` to reset all data: `rm malware_detection.db`\n\n---\n\n## License\n\nMIT License\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmasteribro%2Fdynamic-malware-detection","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmasteribro%2Fdynamic-malware-detection","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmasteribro%2Fdynamic-malware-detection/lists"}