Skip to content
/ AegisShield Public

A Malware Detection Program that queries the file hash against VirusTotal Database.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Hemsagar11/AegisShield

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
Assets
Assets
 
 
samples
samples
 
 
yara-rules
yara-rules
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
aegis_shield.py
aegis_shield.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

AegisShield : The Malware Detection Program

AegisShield Logo

Author: Hem Sagar
Date: June 27, 2024

Table of Contents

  1. Introduction
  2. Project Overview
  3. Features
  4. Installation
  5. Usage
  6. Testing
  7. Limitations
  8. Future Enhancements
  9. References

1. Introduction

Purpose: The Malware Detection Program is designed to scan files and directories for malware infections using signature-based detection and VirusTotal API integration.

Scope: This project focuses on detecting known malware signatures and providing detailed reports. It does not cover heuristic or behavior-based detection.

2. Project Overview

Objective: To create a tool that can scan files for known malware signatures and check file hashes against the VirusTotal database.

Tools and Technologies: Python, YARA, VirusTotal API.

System Architecture:

  • File selection module
  • Hashing and signature comparison (YARA)
  • VirusTotal API integration
  • Output generation

3. Features

  • Scans files for known malware signatures using YARA rules.
  • Checks file hashes against the VirusTotal database.
  • Generates detailed scan reports.

4. Installation

Prerequisites:

  • Python 3.x
  • Required Python libraries (listed in requirements.txt)

Step-by-Step Installation Guide:

  1. Clone the repository: 
    git clone https://github.com/Hemsagar11/AegisShield.git
  2. Navigate to the project directory: 
    cd AegisShield
  3. Create and activate a virtual environment: 
    python -m venv venv
source venv/bin/activate   # Linux/macOS
venv\Scripts\activate      # Windows
  4. Install dependencies: 
    pip install -r requirements.txt
  5. Configure Environment Variables:
    • Create a .env file inside the project directory.
    • Set your API key & Yara rule path in the .env file as
    VIRUSTOTAL_API_KEY= "Your API Key"
YARA_RULES_PATH= path/to/yara-rules

5. Usage

Running the Program: To start the program, run:

python aegis_shield.py [Arguments]

Command-Line Arguments:

-d, --directory: Specify the directory to scan.
-f, --file: Specify a single file to scan.
--hash: Specify the hashing algorithm.

Example Usage:

python aegis_shield.py --directory /path/to/scan
python aegis_shield.py --file /path/to/file.exe

Note: To Exit the virtual isolated environment, run the command deactivate in the terminal.

6. Testing

Test Cases:

  • Malware Samples: Scanned known malware samples to verify detection. Samples -> MalwareBazaar
  • Clean Files: Ensured no false positives with clean files.
  • Edge Cases: Tested with large files and various file types.

Test Results:

  • Successfully detected all known malware samples.
  • No false positives with clean files.

Results

7. Limitations

Known Issues:

  • Detection limited to known signatures.
  • VirusTotal API rate limits may affect performance.

Future Work:

  • Implement heuristic analysis.
  • Add machine learning-based detection.

8. Future Enhancements

Potential Features:

  • Real-time file monitoring.
  • Improved scanning algorithms.
  • Enhanced user interface with a web dashboard.

9. References

About

A Malware Detection Program that queries the file hash against VirusTotal Database.

Topics

python malware yara virustotal

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages