This project is no longer maintained. You should check out SledRE which is the continuation of it.
/!\ This project isn't ready for production /!\
AutoDetours is a scalable application for Windows malware analysis. For the moment only PESieve and Detours are integrated.
The PESieve job's goal is to unpack a Windows PE malware sample.
The Detours job's goal is to hook the syscalls made by a Windows PE malware sample.
On the one hand, this application can be used as an analysis pipeline for Windows malware.
On the other hand, it can be used to generate a large dataset that combines the results of different tools.
This dataset could then be used in machine learning to try to classify samples by family.
- Docker installed and running
- docker-compose
- Python3 for the setup script
To install the project, run the following commands:
pip3 install -r requirements.txt
python3 setup.py -w <nbr_workers>
You can also pass the --dev option to configure the project for development.
To run the project, just use the following command:
docker-compose up -d
You can now open the app in your favorite browser and upload your samples. Once processing is done, you can download the results list (in JSON format) to your computer. The application should be available at http://172.20.0.10/
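As an added example (not part of AutoDetours itself), here is how a downloaded results list could be turned into the per-sample dataset the ML use case above calls for: a bag-of-syscalls vector from the Detours job plus PESieve's unpack result, and a simple nearest-family lookup. The JSON schema (`sha256`, `family`, `pesieve.unpacked`, `detours.calls`) and the sample records are assumptions constructed for this example, since the real output format is not documented here.

```python
"""Build syscall-based features from an AutoDetours-style results list.

ASSUMPTION: the field names below are invented for illustration; the real
AutoDetours JSON layout may differ. The records are constructed sample data.
"""
import json
from collections import Counter

# Constructed sample results list (assumed schema, fake hashes, fake labels).
RESULTS_JSON = """
[
  {"sha256": "aaaa...", "family": "familyA", "pesieve": {"unpacked": true},
   "detours": {"calls": ["NtCreateFile", "NtWriteFile", "NtCreateFile", "NtOpenKey"]}},
  {"sha256": "bbbb...", "family": "familyA", "pesieve": {"unpacked": false},
   "detours": {"calls": ["NtCreateFile", "NtOpenKey", "NtQueryValueKey"]}},
  {"sha256": "cccc...", "family": "familyB", "pesieve": {"unpacked": true},
   "detours": {"calls": ["NtCreateThreadEx", "NtWriteVirtualMemory", "NtProtectVirtualMemory"]}}
]
"""


def load_results(text: str) -> list:
    """Parse the downloaded results list (a JSON array of per-sample records)."""
    return json.loads(text)


def syscall_vocab(results: list) -> list:
    """Sorted list of every distinct hooked syscall seen across the dataset."""
    names = set()
    for record in results:
        names.update(record["detours"]["calls"])
    return sorted(names)


def feature_vector(sample: dict, vocab: list) -> list:
    """Syscall counts in vocab order, followed by PESieve's unpacked flag (0/1)."""
    counts = Counter(sample["detours"]["calls"])
    return [counts[name] for name in vocab] + [int(sample["pesieve"]["unpacked"])]


def build_dataset(results: list):
    """Return (vocab, X, y): feature matrix and family labels ready for a classifier."""
    vocab = syscall_vocab(results)
    return vocab, [feature_vector(r, vocab) for r in results], [r["family"] for r in results]


def jaccard(a, b) -> float:
    """Set overlap of two syscall lists; 0.0 when both are empty."""
    sa, sb = set(a), set(b)
    return len(sa & sb) / len(sa | sb) if (sa | sb) else 0.0


def nearest_family(unknown: dict, results: list) -> str:
    """Label an unlabelled sample with the family of the most similar known record."""
    best = max(results, key=lambda r: jaccard(unknown["detours"]["calls"], r["detours"]["calls"]))
    return best["family"]
```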