
This project is no longer maintained. You should check out SledRE (https://github.com/sledre/sledre), which continues it.

Primary language: C++. License: GNU General Public License v3.0 (GPL-3.0).



AutoDetours

/!\ This project isn't ready for production /!\

Introduction

AutoDetours is a scalable application for Windows malware analysis. For the moment only two analysis jobs are integrated: PESieve and Detours.

The PESieve job's goal is to unpack a Windows PE malware sample.
The Detours job's goal is to hook the Windows API calls made by a Windows PE malware sample (user-mode function interception with Microsoft Detours, so the sample is executed and its calls are recorded).

On the one hand, this application can be used as an analysis pipeline for Windows malware.
On the other hand, it can be used to generate a large dataset combining the results of different tools. Such a dataset can then be used in machine learning to try to classify samples by family.
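To make the dataset use case concrete, here is an added example (not code from the AutoDetours project) that takes per-sample lists of hooked API calls, turns them into count vectors, and assigns a family to an unknown sample by nearest neighbour, then groups the whole set by set similarity. The JSON layout (a list of objects with `sha256`, `family` and `hooks` keys), the sample identifiers and the API call lists are all constructed for the example; AutoDetours' real results format may differ.

```python
"""Family assignment from hooked-API lists (added example; results schema assumed)."""
import json
import math
from collections import Counter

# Constructed results list. Two file-encrypting samples enumerate files and call
# CryptEncrypt; two dropper-like samples fetch a payload with WinINet and run it.
# The schema (sha256 / family / hooks) is an assumption for this example.
RESULTS_JSON = json.dumps([
    {"sha256": "aaa1", "family": "lockfiles", "hooks": [
        "FindFirstFileW", "FindNextFileW", "CreateFileW", "ReadFile",
        "CryptEncrypt", "WriteFile", "DeleteFileW", "FindNextFileW"]},
    {"sha256": "aaa2", "family": "lockfiles", "hooks": [
        "FindFirstFileW", "FindNextFileW", "CreateFileW", "CryptEncrypt",
        "WriteFile", "MoveFileW", "FindNextFileW", "FindNextFileW"]},
    {"sha256": "bbb1", "family": "dropper", "hooks": [
        "InternetOpenW", "InternetOpenUrlW", "InternetReadFile",
        "CreateFileW", "WriteFile", "CreateProcessW"]},
    {"sha256": "bbb2", "family": "dropper", "hooks": [
        "InternetOpenW", "InternetOpenUrlW", "InternetReadFile",
        "CreateFileW", "WriteFile", "ShellExecuteW"]},
])

# Constructed unlabelled sample: file enumeration followed by CryptEncrypt.
UNKNOWN_HOOKS = ["FindFirstFileW", "FindNextFileW", "CreateFileW",
                 "CryptEncrypt", "WriteFile", "DeleteFileW"]


def load_results(text):
    """Parse the results JSON into (sha256, family, Counter of API calls) rows."""
    return [(e["sha256"], e.get("family"), Counter(e["hooks"]))
            for e in json.loads(text)]


def cosine(a, b):
    """Cosine similarity between two sparse count vectors held in Counters."""
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return 0.0 if na == 0 or nb == 0 else dot / (na * nb)


def jaccard(a, b):
    """Jaccard similarity of the *sets* of API names (call counts ignored)."""
    sa, sb = set(a), set(b)
    if not sa and not sb:
        return 1.0
    return len(sa & sb) / len(sa | sb)


def nearest_family(hooks, labelled, threshold=0.5):
    """1-NN assignment: (family, score) of the closest labelled sample.

    Returns (None, score) when nothing is similar enough, so an unfamiliar
    sample is reported as unknown instead of being forced into a family.
    """
    vec = Counter(hooks)
    best_family, best_score = None, 0.0
    for _, family, counts in labelled:
        score = cosine(vec, counts)
        if score > best_score:
            best_family, best_score = family, score
    if best_score < threshold:
        return None, best_score
    return best_family, best_score


def cluster_by_jaccard(rows, threshold=0.5):
    """Greedy single-linkage grouping of samples whose API sets overlap enough."""
    clusters = []  # each cluster is a list of (sha256, Counter)
    for sha, _, counts in rows:
        for cluster in clusters:
            if any(jaccard(counts, other) >= threshold for _, other in cluster):
                cluster.append((sha, counts))
                break
        else:
            clusters.append([(sha, counts)])
    return [[sha for sha, _ in c] for c in clusters]


if __name__ == "__main__":
    rows = load_results(RESULTS_JSON)
    print("unknown sample ->", nearest_family(UNKNOWN_HOOKS, rows))
    print("clusters ->", cluster_by_jaccard(rows))
```

Raw API-call vectors are a deliberately simple feature; in practice a sample that detects the Detours hooks can stop calling anything interesting, and call order and arguments carry far more signal than counts, so treat this as the baseline a real dataset would be measured against.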

Architecture

Installation

Prerequisites

  • Docker installed and running
  • docker-compose
  • Python3 for the setup script

Procedure

To install the project, run the following commands, where <nbr_workers> is the number of analysis workers to start:

pip3 install -r requirements.txt
python3 setup.py -w <nbr_workers>

You can also pass the option --dev to configure the project for development.

Running the project

To run the project, just use the following command:

docker-compose up -d

Usage

You can now open the app in your favourite browser and upload your samples. Once processing is finished you can download the results list (as a JSON file) to your computer. The application should be available at http://172.20.0.10/ (an address on the docker-compose network, so the host must be able to route to that network). Because the Detours job executes the uploaded samples, run the stack on an isolated analysis host and do not expose the web interface beyond it.