This repository has been archived by the owner on Jun 27, 2022. It is now read-only.

This project is no longer maintained. You should check out SledRE (https://github.com/sledre/sledre), which is the continuation of it.


kn0wl3dge/AutoDetours


AutoDetours

/!\ This project isn't ready for production /!\

Introduction

AutoDetours is a scalable application for Windows malware analysis. At the moment only PESieve and Detours are integrated.

The PESieve job unpacks a Windows PE malware sample.
The Detours job hooks the syscalls called by a Windows PE malware sample.

On the one hand, this application can be used as an analysis pipeline for Windows malware.
On the other hand, it can be used to generate a large dataset containing results from different tools. This dataset could then be used in machine learning to try to classify samples by family.

Architecture

Installation

Prerequisites

  • Docker installed and running
  • docker-compose
  • Python3 for the setup script

Procedure

To install the project, run the following commands:

pip3 install -r requirements.txt
python3 setup.py -w <nbr_workers>

You can also use the --dev option to configure the project for development.

Running the project

To run the project, just use the following command:

docker-compose up -d

Usage

You can now open the app in your favourite browser and upload your samples. Once processing is done, you can download the results list (in JSON format) to your computer. The application should be available at http://172.20.0.10/
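As an added illustration of the dataset use described in the Introduction (this is example code, not part of the AutoDetours project): the script below turns a downloaded results list into a feature matrix for family classification. The field names (sha256, family, unpacked, hooked_calls) and the records themselves are constructed assumptions for the example, not the project's real output schema.

```python
import json
from collections import Counter

# Constructed sample of a results list. The field names are an assumption
# made for this example; they are not AutoDetours' real output schema.
SAMPLE_RESULTS = json.dumps([
    {"sha256": "constructed-hash-1", "family": "familyA", "unpacked": True,
     "hooked_calls": ["CreateFileW", "WriteFile", "CreateProcessW", "WriteFile"]},
    {"sha256": "constructed-hash-2", "family": "familyA", "unpacked": True,
     "hooked_calls": ["CreateFileW", "WriteFile", "RegSetValueExW"]},
    {"sha256": "constructed-hash-3", "family": "familyB", "unpacked": False,
     "hooked_calls": ["InternetOpenW", "HttpSendRequestW", "CreateFileW"]},
])


def load_results(text):
    """Parse the JSON results list, skipping records that lack a label or a call list."""
    records = []
    for entry in json.loads(text):
        if not isinstance(entry.get("hooked_calls"), list) or "family" not in entry:
            continue
        records.append(entry)
    return records


def build_vocabulary(records):
    """Sorted list of every hooked call name seen in the dataset (one feature column each)."""
    names = set()
    for r in records:
        names.update(r["hooked_calls"])
    return sorted(names)


def build_feature_matrix(records, vocab):
    """One row per sample: per-call counts in vocabulary order, then the unpack flag.
    Returns (X, y); y holds the family labels, ready for a scikit-learn style classifier."""
    index = {name: i for i, name in enumerate(vocab)}
    X, y = [], []
    for r in records:
        row = [0] * (len(vocab) + 1)
        for name, count in Counter(r["hooked_calls"]).items():
            row[index[name]] = count
        row[-1] = 1 if r.get("unpacked") else 0
        X.append(row)
        y.append(r["family"])
    return X, y


if __name__ == "__main__":
    recs = load_results(SAMPLE_RESULTS)
    vocab = build_vocabulary(recs)
    X, y = build_feature_matrix(recs, vocab)
    for label, row in zip(y, X):
        print(label, dict(zip(vocab + ["unpacked"], row)))
```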