# Malware Scanner Tool
A Python-based malware scanning tool for Windows. This tool leverages VirusTotal, YARA rules, and heuristics to identify malicious files, suspicious registry entries, and anomalous processes. Additionally, it generates a visual map of damaged system areas.
---
## Features
- **File Scanning**: Detects malicious files using SHA256 hashes and YARA rules.
- **Registry Scanning**: Identifies suspicious registry entries for further inspection.
- **Process Scanning**: Monitors active processes for anomalous activity.
- **Visualization**: Creates a graphical representation of damaged system areas using Matplotlib.
---
## Step-by-Step Guide
### 1. Install Dependencies
To use the Malware Scanner Tool, install the required Python libraries:
```bash
pip install psutil requests matplotlib yara-python
```
Alternatively, use the `requirements.txt` file to install dependencies:
```bash
pip install -r requirements.txt
```
### 2. Set Up the VirusTotal API Key
The scanner uses VirusTotal's API to validate file hashes. Follow these steps to set up:
- **Obtain a VirusTotal API Key**:
  - Go to VirusTotal and create a free account.
  - Navigate to your account settings and copy your API key.
- **Add Your API Key**:
  - Open `scanner.py` in any text editor.
  - Locate the following line:
    ```python
    VIRUSTOTAL_API_KEY = "your_api_key_here"
    ```
  - Replace `"your_api_key_here"` with your actual API key.
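As an added example (not the project's own `scanner.py`), the following implements the hash check described above in Python: it streams a file through SHA256 and maps a VirusTotal file-report response to a verdict, keeping a 404 (a hash VirusTotal has never seen) distinct from a clean result and recognising the 429 returned once the daily request quota is used up. The v3 endpoint URL, the `x-apikey` header and the `last_analysis_stats` field are assumptions about VirusTotal's API, not taken from this page, and `urllib` stands in for the `requests` library the tool installs.

```python
import hashlib
import json
import urllib.error
import urllib.request

# Assumed VirusTotal v3 endpoint and auth header (not taken from the project).
VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"


def sha256_of_bytes(data: bytes) -> str:
    """Hex SHA256 of an in-memory blob."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream a file through SHA256 so large binaries never load whole into RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def classify_report(status: int, body: dict) -> tuple:
    """Map HTTP status + decoded JSON body to (verdict, malicious_engine_count).
    404 means VirusTotal has never seen the hash, which is not a clean verdict,
    so it stays distinct; 429 is the daily quota (500 on free accounts)."""
    if status == 200:
        stats = body.get("data", {}).get("attributes", {}).get("last_analysis_stats", {})
        malicious, suspicious = int(stats.get("malicious", 0)), int(stats.get("suspicious", 0))
        verdict = "malicious" if malicious else ("suspicious" if suspicious else "clean")
        return (verdict, malicious)
    if status == 404:
        return ("unknown", 0)
    if status == 429:
        return ("quota_exceeded", 0)
    if status in (401, 403):
        return ("bad_api_key", 0)
    return ("error", 0)


def lookup_hash(sha256: str, api_key: str) -> tuple:
    """Fetch the file report; HTTP errors become verdicts instead of exceptions.
    Pass api_key from the environment rather than a string edited into the source."""
    req = urllib.request.Request(VT_FILE_URL.format(sha256), headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return classify_report(resp.status, json.load(resp))
    except urllib.error.HTTPError as exc:
        return classify_report(exc.code, {})
```

Calling `lookup_hash(sha256_of_file(path), api_key)` gives the per-file verdict the scanner would log; a `"quota_exceeded"` result is the signal to stop issuing requests for the day rather than to treat the remaining files as clean.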
### 3. Run the Scanner
- **Run the Scanner**: Start the scanner by running the following command in the terminal:
  ```bash
  python scanner.py
  ```
- **Provide the Directory to Scan**: When prompted, enter the directory you wish to scan (e.g., `C:\` for the entire C drive).
- **View Scan Results**:
  - **Log File**: All findings will be logged in `system_scan.log`.
  - **Visual Map**: A graphical visualization of affected areas will be saved as `damaged_areas_map.png`.

Example output:
```text
> python scanner.py
Enter the directory to scan (e.g., C:\): C:\Users
Scanning directory: C:\Users
Suspicious file detected: C:\Users\example\malicious.exe
Malicious process detected: explorer.exe (C:\Windows\explorer.exe)
Registry entry flagged: Software\Microsoft\Windows\CurrentVersion\Run\example
Scan completed. Check system_scan.log for details.
```
### 4. Testing
To ensure safe and reliable execution:
- **Test in a Virtual Machine**: Run the tool in a sandboxed environment to mitigate risks.
- **Customize YARA Rules**:
  - Add or edit YARA rules in the `yara_rules/` directory.
  - Example rule (`rules.yara`):
    ```yara
    rule SuspiciousExecutable {
        strings:
            $malicious = "malware"
        condition:
            $malicious
    }
    ```
  - Reload the tool to apply updated rules.
- **Simulate Suspicious Files**: Create harmless test files that match YARA rules or hashes to validate detection accuracy.
## Troubleshooting
- **Missing Dependencies**:
  - Ensure all libraries are installed:
    ```bash
    pip install -r requirements.txt
    ```
- **VirusTotal API Key Errors**:
  - Verify your API key is correctly set in `scanner.py`.
  - Ensure your VirusTotal account has not exceeded the daily request limit (500 for free accounts).
- **Permission Errors**:
  - Run the script as an administrator to access restricted files or registry keys:
    ```bash
    python scanner.py
    ```
## Contributing
We welcome contributions! To contribute:
- Fork the repository on GitHub.
- Clone your forked repository:
  ```bash
  git clone https://github.com/<Astralchemist>/malware-scanner.git
  cd malware-scanner
  ```
- Create a new branch for your feature:
  ```bash
  git checkout -b feature-name
  ```
- Make your changes, commit, and push:
  ```bash
  git add .
  git commit -m "Add feature description"
  git push origin feature-name
  ```
- Submit a Pull Request on GitHub.
## Disclaimer
This tool is for educational purposes only. It should be used responsibly and in compliance with applicable laws. Testing on unauthorized systems is prohibited.

## License
This project is licensed under the MIT License.