A comprehensive static malware analysis platform powered by machine learning that provides deep insights into Windows PE files and DLLs with intelligent threat detection and severity scoring.
Malvisor is an advanced static malware analysis platform that combines the power of machine learning with comprehensive file analysis to detect and classify various types of malware. Built with modern web technologies and powered by Google's Gemini AI, it provides security researchers, analysts, and developers with a robust tool for malware detection and analysis.
- Targeted File Support: Accepts only PE (Portable Executable) files and DLLs for focused Windows malware analysis
- Static Analysis: Performs comprehensive static analysis without executing potentially harmful files
- Deep Feature Extraction: Extracts critical static features for ML-based classification
- LightGBM Model: Utilizes advanced gradient boosting for accurate malware classification
- Multi-Class Classification: Detects 10 different malware families and benign files
- High Accuracy: Trained on extensive datasets for reliable threat detection
- Detailed Analysis Reports: In-depth analysis with extracted features and classifications
- Severity Scoring: Intelligent severity assessment based on threat level
- Downloadable Reports: Export analysis results in PDF format for documentation
- AI-Powered Insights: Gemini AI integration for interactive report analysis
Malvisor can identify the following malware categories:
| Category | Description | Severity Level |
|---|---|---|
| Ransomware | Encrypts user data for ransom | Critical |
| Trojan | Disguised malicious software | High |
| Worm | Self-replicating network spreader | High |
| Adware | Unwanted advertisement software | Medium |
| Spyware | Covert information gathering | High |
| Backdoor | Unauthorized remote access | Critical |
| Keylogger | Keystroke monitoring software | High |
| Dropper | Malware delivery mechanism | High |
| Rootkit | System-level hiding malware | Critical |
| Benign | Safe, legitimate software | Safe |
Malvisor extracts and analyzes the following critical features:
- num_imports: Number of imported functions and libraries
- section_count: Count of PE file sections
- filesize: File size in bytes
- entropy_mean: Average entropy across file sections
- entropy_max: Maximum entropy value found
- entropy_min: Minimum entropy value found
- string_count: Total number of extracted strings
- suspicious_string_count: Count of potentially malicious strings
These features are processed through our trained LightGBM model to provide accurate malware classification and threat assessment.
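To make the feature list above concrete, here is an added example (not the project's own extractor, which the README says is built on pefile) that computes the section, size, entropy and string features with only the Python standard library, on a constructed two-section PE image. The suspicious-string marker list and the sample image are assumptions; num_imports is left out because it requires walking the import directory, which the real extractor gets from pefile.

```python
import math
import re
import struct
from collections import Counter
# Constructed marker list for "suspicious strings"; the README does not publish the project's own list.
SUSPICIOUS_MARKERS = (b"http://", b"https://", b"ftp://")

def shannon_entropy(data: bytes) -> float:
    n = len(data)  # bits per byte: 0.0 for empty input, 8.0 when all 256 byte values are equally frequent
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def pe_sections(data: bytes):
    """Yield (name, raw_bytes) per section: DOS header -> e_lfanew -> PE signature -> COFF -> section table."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    num_sections, opt_hdr_size = struct.unpack_from("<H12xH", data, e_lfanew + 6)  # NumberOfSections, SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_hdr_size
    for i in range(num_sections):
        hdr = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)  # SizeOfRawData, PointerToRawData
        yield name, data[raw_ptr:raw_ptr + raw_size]

def extract_features(data: bytes) -> dict:
    sections = list(pe_sections(data))
    entropies = [shannon_entropy(raw) for _, raw in sections] or [0.0]
    strings = re.findall(rb"[\x20-\x7e]{4,}", data)  # printable ASCII runs of 4+ bytes, like the `strings` tool
    return {
        "section_count": len(sections),
        "filesize": len(data),
        "entropy_mean": sum(entropies) / len(entropies),
        "entropy_max": max(entropies),
        "entropy_min": min(entropies),
        "string_count": len(strings),
        "suspicious_string_count": sum(any(m in s for m in SUSPICIOUS_MARKERS) for s in strings),
    }

def section_header(name: bytes, raw: bytes, rva: int, raw_ptr: int) -> bytes:
    return name.ljust(8, b"\0") + struct.pack("<IIII", len(raw), rva, len(raw), raw_ptr) + b"\0" * 16

def build_sample_pe() -> bytes:
    e_lfanew, n_sec = 0x40, 2  # constructed two-section image: valid headers, no optional header, no imports
    text = b"\x90" * 64 + b"http://example.invalid/update\0"  # low-entropy stub plus one embedded URL
    rdata = bytes(range(256))                                 # every byte value once -> entropy exactly 8.0
    data_start = e_lfanew + 24 + n_sec * 40                   # raw section data follows the section table
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, n_sec, 0, 0, 0, 0, 0x102)
    headers = section_header(b".text", text, 0x1000, data_start) + section_header(b".rdata", rdata, 0x2000, data_start + len(text))
    return dos + coff + headers + text + rdata
```

Packed or encrypted sections push entropy_max toward 8.0, which is why the mean, max and min are kept as separate features rather than a single file-wide value.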
- React 18+: Modern component-based UI framework
- Vite: Next-generation frontend build tool for blazing fast development
- TailwindCSS: Utility-first CSS framework for rapid UI development
- Flask: Lightweight Python web framework for API development
- LightGBM: Gradient boosting framework for machine learning inference
- Google Gemini API: Advanced AI for intelligent report analysis and interactive querying
- pefile: Python library for parsing PE (Portable Executable) files
  - Extracts headers, sections, imports, and metadata from Windows executables
  - Essential for structural analysis of PE files and DLLs
- string: Built-in Python module for string operations and constants
  - Used for extracting and analyzing printable strings from binary files
  - Helps identify suspicious text patterns and embedded URLs
- hashlib: Cryptographic hash functions library
  - Generates MD5, SHA1, SHA256 hashes for file identification
  - Creates unique fingerprints for malware samples
- capstone: Disassembly framework for multiple architectures
  - Disassembles x86/x64 machine code for static code analysis
  - Enables detection of malicious code patterns and behaviors
- jspdf: JavaScript library for PDF generation
  - Creates downloadable analysis reports in PDF format
  - Enables professional documentation of analysis results
- react-markdown: React component for rendering Markdown content
  - Displays formatted analysis reports and documentation
  - Provides rich text rendering capabilities for better readability
- Node.js 16+ and npm
- Python 3.8+
- Google Gemini API key
- Clone the repository
  ```bash
  git clone https://github.com/PrathicaShettyM/Malvisor.git
  ```
- Set up the frontend
  ```bash
  cd client
  npm install
  npm run dev
  ```
- Set up the backend
  ```bash
  cd server
  pip install -r requirements.txt
  python app.py
  ```
- Configure the environment
  ```bash
  # Add your Gemini API key to environment variables
  export GEMINI_API_KEY=your_api_key_here
  ```
- Upload File: Select and upload a PE file or DLL through the web interface
- Analysis: The system automatically extracts static features and processes them through the ML model
- Results: View comprehensive analysis results including malware classification and severity score
- AI Insights: Use the Gemini AI bot to ask questions about the analysis report
- Export: Download detailed PDF reports for documentation and further analysis
- Safe Analysis: Static analysis only - no file execution
- Comprehensive Detection: Multi-layered feature extraction and analysis
- Severity Assessment: Intelligent threat level classification
- AI-Enhanced: Gemini AI provides additional insights and explanations
We welcome contributions! Please feel free to submit issues, feature requests, or pull requests to help improve Malvisor.
This project is licensed under the MIT License - see the LICENSE file for details.
Stay Safe, Analyze Smart with Malvisor!
Made by Prathica Shetty M