
Understand the nature of malicious software with practical examples in Python.

Malware Showcase

This repository contains explanatory examples of malicious behavior like file infection or remote code execution. It's supposed to demonstrate and explain the nature of malicious software with practical examples in Python.

Note: This repository contains examples of malicious files. It should be used for educational purposes only. Usage of files in this repository for any other purpose might cause you legal issues, even though the provided examples are very simple. It is advised to follow the instructions.

Showcase structure

  • File infector - This kind of malware infects other files. A common example of such behavior is code injection: malicious code is injected into targeted files and may be executed later. This is how file infectors spread. The purpose of their payload varies, from harmless to destructive behavior.
  • Trojan (trojan horse) - This kind of malware tries to look like legitimate software, and the malicious activity is hidden from the victim. A common example of such behavior is spying on victims. Trojans can be classified more precisely by the purpose of their malicious segment. They are named after the Greek story in which the city of Troy accepted a wooden horse statue as a gift from its enemies while enemy soldiers were hidden inside.
  • Worm - This kind of malware spreads over the network and does not need a host file to do so. Worms might carry a malicious payload and execute commands on compromised systems, or merely consume network bandwidth to jam communication.
  • Spyware - This kind of malware spies on the victim and steals his or her data. There are various ways of spying on the victim, for example recording the keys pressed on the keyboard. Compared with a trojan horse, spyware more often stays hidden from the victim's sight.
  • Ransomware - This kind of malware encrypts your files or even restricts your access to the system until a financial ransom is paid. It might continuously delete your files to increase the pressure and force you to pay. Ransomware has become very common in recent years.
  • Adware - This kind of malware aggressively shows ads to the victim. Usually it is just annoying software without harmful intentions. Adware might try various methods to make the advertising more persistent.
  • Dropper - This kind of malware attempts to download or dump malicious code onto the target system. The malware can be secretly embedded in the dropper itself or downloaded from a remote server. It often tries to avoid detection through obfuscation and encryption.
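Added example, not part of this repository: a defender-side check for the file-infector behaviour described above. It records a SHA-256 baseline of the .py files in a directory and later reports files that were modified or newly dropped, which is the footprint code injection leaves on disk. The directory contents and the "injected" line are constructed inline for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each .py file under root (relative path) to its SHA-256 digest."""
    digests = {}
    for path in Path(root).rglob("*.py"):
        rel = str(path.relative_to(root))
        digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def diff_snapshot(baseline, current):
    """Return files whose content changed or that appeared since the baseline."""
    modified = sorted(f for f in baseline if f in current and baseline[f] != current[f])
    added = sorted(f for f in current if f not in baseline)
    return {"modified": modified, "added": added}


def demo():
    """Constructed scenario: a clean tree, then one script gets code appended
    and one new script appears, as a simple infector or dropper would leave behind."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "app.py").write_text("print('hello')\n")
        Path(root, "util.py").write_text("def f():\n    return 1\n")
        baseline = snapshot(root)
        # Simulated infection footprint: an extra line appended to an existing script
        # (constructed marker, not real malicious code).
        with open(Path(root, "app.py"), "a") as fh:
            fh.write("# injected marker (constructed for this example)\n")
        # Simulated dropped file.
        Path(root, "dropped.py").write_text("pass\n")
        return diff_snapshot(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

A real deployment would store the baseline outside the monitored tree (an infector could otherwise rewrite it) and compare on a schedule or on file-change events.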

Installation

Make sure you have Python 3, the system package python3-dev, and the Python package wheel installed.

sudo apt install python3-dev
pip3 install wheel
python3 setup.py bdist_wheel  # You might need to run this command as well.

To set up a virtual environment, run the following command:

source setup_env.sh

Alternatively, you can install the required Python packages listed in requirements.txt yourself. If something goes wrong during the installation, the script should provide you with information about the possible failure. You can then focus on the problematic steps in setup_env.sh and fix the problem.