KareimGazer/Malware-Detector-Repeat

simple anti-malware consisting of a system monitor that monitors the system and warns the user in case of any problems like fork bomb or memory bad behavior. it quarantines, kills, and removes the malware.
Malware-Detector-Repeat

Abstract

Information security has become ubiquitous in this era. In this project we demonstrate a simple anti-malware prototype consisting of a system monitor that watches the system and warns the user about problems such as a fork bomb or bad memory behavior, then quarantines, kills, and removes the malware.

System Components

System Monitor

The main component of the system. It presents the user with a summary of system metrics, then asks whether they want more information about:

  • CPU
  • RAM
  • Disk
  • Network
  • fresh new summary

or whether to run a scan or exit. While the program is running, a background thread notifies the user about any warnings or potential threats to the system and automatically runs a scan in those cases.

Processes Scanner

A Python script that detects and kills the fork bomb malware, which overloads the OS and makes it unresponsive.

Memory Scanner

The memory eater is a program that repeatedly allocates and deallocates heap memory of varying size, simulating memory-based or fileless malware. Such malware exploits weaknesses in memory management to carry out malicious activity without relying heavily on files stored on disk. This scanner detects the misbehaving program and kills or stops the process.
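To make the two scanner ideas above concrete (a process population that looks like a fork bomb, and a single process whose resident memory grows or dominates the machine), here is an added example in Python 3 using psutil, the library the installation steps below pull in. It is illustrative code written for this page, not the project's Scan.py, and the thresholds, the `Proc` record, and the function names are assumptions. The detectors operate on plain process records so they can be exercised offline against the constructed sample in `demo()`; `snapshot()` fills such records from a live host.

```python
"""Heuristic fork-bomb and memory-hog detection (added example, not Scan.py)."""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    name: str
    rss: int  # resident set size in bytes


def snapshot() -> List[Proc]:
    """Collect live records with psutil (imported here so the pure
    detectors below stay usable on hosts without psutil installed)."""
    import psutil  # pip install psutil, as in the README
    procs = []
    for p in psutil.process_iter(["pid", "ppid", "name", "memory_info"]):
        info = p.info
        if info["memory_info"] is None:  # process vanished or access denied
            continue
        procs.append(Proc(info["pid"], info["ppid"], info["name"] or "?",
                          info["memory_info"].rss))
    return procs


def detect_fork_bomb(procs: List[Proc], max_same_name: int = 200,
                     max_children: int = 100) -> List[str]:
    """Warn when many processes share one executable name, or when one
    parent has an unusually large number of direct children. Thresholds
    are assumed values; tune them to the host's normal load."""
    warnings = []
    for name, n in Counter(p.name for p in procs).items():
        if n > max_same_name:
            warnings.append(f"{n} processes named {name!r} (threshold {max_same_name})")
    for ppid, n in Counter(p.ppid for p in procs).items():
        if n > max_children:
            warnings.append(f"pid {ppid} has {n} direct children (threshold {max_children})")
    return warnings


def detect_memory_hog(before: List[Proc], after: List[Proc], total_mem: int,
                      share: float = 0.5, growth: int = 256 * 1024 * 1024) -> List[str]:
    """Compare two snapshots: warn on a process holding more than `share`
    of physical memory, or growing by more than `growth` bytes between
    snapshots (the memory eater's allocate/free pattern shows up as the
    latter)."""
    prev: Dict[int, Proc] = {p.pid: p for p in before}
    warnings = []
    for p in after:
        if p.rss > share * total_mem:
            warnings.append(f"pid {p.pid} ({p.name}) holds {p.rss} bytes, over {share:.0%} of RAM")
        old = prev.get(p.pid)
        if old is not None and p.rss - old.rss > growth:
            warnings.append(f"pid {p.pid} ({p.name}) grew by {p.rss - old.rss} bytes")
    return warnings


def terminate_tree(pid: int, timeout: float = 3.0) -> None:
    """Stop a flagged process and its descendants: SIGTERM first, SIGKILL
    for anything still alive after `timeout` seconds."""
    import psutil
    root = psutil.Process(pid)
    family = root.children(recursive=True) + [root]
    for p in family:
        p.terminate()
    _, alive = psutil.wait_procs(family, timeout=timeout)
    for p in alive:
        p.kill()


def demo() -> Dict[str, List[str]]:
    """Run both detectors over a constructed sample (not real host data)."""
    mib = 1024 * 1024
    base = [Proc(1, 0, "systemd", 12 * mib), Proc(800, 1, "bash", 5 * mib)]
    # 300 copies of "bomb": 150 direct children of the shell, the rest chained
    bombs = [Proc(1000 + i, 800 if i < 150 else 1000 + i - 150, "bomb", mib)
             for i in range(300)]
    before = base + [Proc(42, 800, "memEat", 50 * mib)]
    after = base + [Proc(42, 800, "memEat", 900 * mib)]
    return {
        "fork_bomb": detect_fork_bomb(base + bombs),
        "memory": detect_memory_hog(before, after, total_mem=1024 * mib),
    }


if __name__ == "__main__":
    for kind, found in demo().items():
        print(kind, found)
```

On a live host the background thread described above would call `snapshot()` periodically, feed consecutive snapshots to both detectors, and hand any flagged pid to `terminate_tree()`. Killing the whole tree matters for the fork bomb case: terminating one child leaves its siblings free to keep forking.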

Getting started

VM 🖥️

The development environment is an Ubuntu Linux VM and can be extended to other environments. The script is written in Python 3.

  • Download the files
  • Follow the installation steps:
sudo apt-get update
sudo apt-get install -y python3-pip
pip install psutil

We used the C programming language to build the malicious test programs, and GCC for compilation:

sudo apt-get install gcc
gcc memEat.c -o memEat # compile the memory malware
gcc bomb.c -o bomb # compile the fork bomb

run

python main.py # run the antivirus

Open another terminal and run the malware you want to experiment with.

Docker 🐋

docker build . -t malware-test # build the image
docker run -it malware-test # run in interactive mode

The system monitor will appear; then, in another terminal:

docker exec -it <container-name> bash

From there you can run the malware, interact with the detector, and experiment.

Sample Output - VM

Screenshots (see the screenshots folder): launching memory eater; launching manager.

Folder Structure

Refer to the following table for information about important directories and files in this repository.

Malware-Detector-Repeat
├── screenshots         sample output
├── README.md           main documentation.
├── SysMonitor.py       reads and shows system info
├── Scan.py             the scanner: scans the system for threats
└── main.py             driver code
