andknownmaly/malware-detector

Malware Detector

Malware Detector is a Python-based application designed to scan files in a specified directory, identify potential threats using the VirusTotal API, and manage infected files with options like quarantining or permanently deleting them. The tool provides a user-friendly GUI built with tkinter, allowing users to interact with the program seamlessly.

Features

  • Scan Files: Scan all files in a selected directory and check them for malware using the VirusTotal API.
  • VirusTotal Integration: Each file is checked against the VirusTotal database using its hash to determine if it is malicious.
  • Quarantine Files: Infected files can be quarantined by encoding them in Base64 and moving them to a quarantine directory.
  • Restore Files: Quarantined files can be restored by decoding them from Base64 back to their original form.
  • Permanently Delete Files: Malicious files can be permanently deleted from the system.
  • Progress Indicators: Shows progress while scanning and provides feedback on the scan status.
  • Results View: Displays scanning results in a table with file paths, scan status, and VirusTotal analysis.

Prerequisites

Before running the program, ensure you have the following installed:

  • Python 3.x
  • tkinter for GUI components
  • requests for API requests
  • base64 for file encoding/decoding
  • hashlib for generating file hashes

Of these, only requests needs to be installed with pip; base64 and hashlib are part of the Python standard library:

pip install requests

Configuration

  1. VirusTotal API Key: You need to configure your VirusTotal API key to use this program. Create a config.json file in the same directory as the program with the following structure:
{
    "VIRUSTOTAL_API_KEY": "your_virustotal_api_key"
}

Usage

  1. Start the Program: Run the script main.py to launch the application.
python main.py

or

python3 main.py

  2. Select a Directory: Click on "Browse" to select the directory you want to scan.

  3. Start the Scan: Click "Start Scan" to begin scanning the files in the selected directory. The program will display the results in a table showing file paths, their scan status, and the results from VirusTotal.

  4. Stop the Scan: If you want to stop the scan before it completes, click the "Stop Scan" button.

  5. Manage Quarantined Files: View and manage quarantined files by clicking "View Quarantined Files" where you can restore or permanently delete them.

File Management Actions

  • Move to Quarantine: Move a malicious file to quarantine and encode it using Base64.
  • Delete Permanently: Permanently delete a malicious file from the system.
  • Restore from Quarantine: Restore a quarantined file by decoding it from Base64.
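
The quarantine and restore actions above, sketched as an added example (this is not the project's code from main.py). The function names, the `<sha256>.b64` / `<sha256>.json` file layout and the choice of SHA-256 are assumptions. Base64 only makes the stored copy inert text, it does not encrypt it, so the sketch also records the hash and refuses to restore a copy that no longer matches.

```python
import base64
import hashlib
import json
import os

def sha256_file(path, chunk_size=1 << 20):
    """Hash in 1 MiB chunks so large files are never loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def quarantine(path, qdir):
    """Base64-encode path into qdir, record its origin and hash, delete the original."""
    os.makedirs(qdir, mode=0o700, exist_ok=True)   # owner-only quarantine directory
    digest = sha256_file(path)
    blob = os.path.join(qdir, digest + ".b64")     # assumed naming: <sha256>.b64
    with open(path, "rb") as src, open(blob, "wb") as dst:
        base64.encode(src, dst)                    # streams; output is inert text
    with open(os.path.join(qdir, digest + ".json"), "w") as meta:
        json.dump({"original_path": os.path.abspath(path), "sha256": digest}, meta)
    os.remove(path)
    return digest

def restore(digest, qdir, dest=None):
    """Decode a quarantined blob; refuse if its hash no longer matches the record."""
    blob = os.path.join(qdir, digest + ".b64")
    meta_path = os.path.join(qdir, digest + ".json")
    with open(meta_path) as f:
        meta = json.load(f)
    dest = dest or meta["original_path"]
    tmp = dest + ".restoring"                      # decode beside dest, then rename
    try:
        with open(blob, "rb") as src, open(tmp, "wb") as dst:
            base64.decode(src, dst)
        if sha256_file(tmp) != meta["sha256"]:
            raise ValueError("quarantined copy is corrupt or was modified: " + digest)
        os.replace(tmp, dest)
    finally:
        if os.path.exists(tmp):                    # clean up a failed restore
            os.remove(tmp)
    os.remove(blob)
    os.remove(meta_path)
    return dest
```
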

Known Issues

  • Rate Limiting: VirusTotal's API has rate limits, so if you exceed the request limit, the program will pause for a while before continuing.
  • Pay more: If you want more scanning throughput from VirusTotal's API, pay for a higher quota, then modify the delay in main.py.
  • File Sizes: Very large files may take longer to scan or quarantine.
