/MalwareAnalyzerDash

A group project that uses Python and Dash and lets the user upload an .exe or .dll file to scan for malware. The application uses an ML approach to determine whether the uploaded file is a virus or a benign file. Please see the README file for the group members' contributions.

Primary Language: Python

Malware Analyzer

Project Description

This group project was made during our Senior Projects class and involved multiple contributors. The web application, built with the Dash framework, lets a user upload a file and scans it to see whether it is a virus. The application first disassembles the file using the Linux objdump command and stores the disassembly as a .txt file in a directory called outputFiles. It then scans the .txt file, applying weights derived from training a machine-learning model, to decide whether the uploaded file matches a known virus pattern. The outcome of the scan is shown to the user along with a datatable component that displays the values stored in the .txt file.
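The disassembly step described above takes an untrusted upload and hands it to an external command, so the file name and contents should be checked before objdump runs. The sketch below is an added example, not code from this repository; the function names, the size limit and the timeout are assumptions, and only the outputFiles directory, the .exe/.dll restriction and the use of objdump come from the README.

```python
import re
import subprocess
from pathlib import Path

OUTPUT_DIR = Path("outputFiles")      # directory name taken from the README
ALLOWED_EXT = {".exe", ".dll"}        # upload types the README allows
MAX_BYTES = 20 * 1024 * 1024          # assumed upload size limit
TIMEOUT_S = 60                        # assumed objdump time budget


def output_path_for(upload_name: str) -> Path:
    """Map a client-supplied file name to a .txt path inside OUTPUT_DIR."""
    # Keep only the final component, treating both / and \ as separators.
    base = re.split(r"[\\/]", upload_name)[-1]
    stem, dot, ext = base.rpartition(".")
    if not dot or f".{ext.lower()}" not in ALLOWED_EXT:
        raise ValueError("only .exe and .dll uploads are accepted")
    safe_stem = re.sub(r"[^A-Za-z0-9_-]", "_", stem)
    if not safe_stem.strip("_"):
        raise ValueError("file name has no usable characters")
    return OUTPUT_DIR / f"{safe_stem}.txt"


def looks_like_pe(data: bytes) -> bool:
    """Check the DOS 'MZ' magic and the PE signature that e_lfanew points to."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def disassemble(upload_name: str, data: bytes, run=subprocess.run) -> Path:
    """Write the upload to disk and store objdump -d output as a .txt file."""
    if len(data) > MAX_BYTES or not looks_like_pe(data):
        raise ValueError("upload is not an acceptable PE file")
    out_path = output_path_for(upload_name)
    OUTPUT_DIR.mkdir(exist_ok=True)
    sample = out_path.with_suffix(".bin")   # never stored under an executable name
    sample.write_bytes(data)
    try:
        with out_path.open("wb") as out:
            # Argument list, no shell: the file name is never parsed as a command.
            run(["objdump", "-d", "--", str(sample)], stdout=out,
                stderr=subprocess.DEVNULL, timeout=TIMEOUT_S, check=True)
    finally:
        sample.unlink(missing_ok=True)
    return out_path
```

The `run` parameter exists only so the subprocess call can be replaced in tests; in normal use `disassemble(name, data)` invokes the objdump binary installed on the host.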

How to run the web application

  1. The first option is to visit the deployed web application https://monkfish-app-kexeq.ondigitalocean.app.

    • This is the easiest option.
  2. The second option involves installing the application onto a local machine.

    • First, download the repository into a folder on your device.

    • Then, using the terminal/console, navigate to the folder where the repository was saved and install the dependencies listed in the requirements.txt file.

      • To install dependencies, enter $ pip install -r requirements.txt using the terminal/command prompt.
    • Run the program either via the terminal/command prompt by typing python3 app.py or by running the program within your preferred IDE that supports Python.

    • The program will run within the local machine's web browser via http://127.0.0.1:5000/

How to use the project

  1. Open the application in your chosen web browser.
  2. Click on the upload component, navigate to the file using the file browser, and upload the file (file must be an .exe or .dll).
  3. Press the objdump button to disassemble the file.
  4. Select the Disassembled Files option from the first drop-down list.
  5. Select the file to scan using the second drop-down list.
  6. When the scan is done, the datatable and results of the scan will be displayed.

Credits/Contributors

  1. Kenneth Witzenman: Responsible for developing and training the ML algorithm and model.
  2. Cameron Pierce: Responsible for the disassembly script and formatting/scrubbing the data so that the machine-learning model can apply the weights correctly.
  3. Justin Truong: Responsible for developing the UI and web application, integration of the disassembly and machine-learning scripts, and deployment of the web application.